Mobile agents in peer-to-peer networks

ABSTRACT

Embodiments of a mechanism for implementing mobile agents in peer-to-peer networks. An initiating peer may generate a mobile agent to perform one or more tasks on or gather information from other peers in the peer-to-peer network. The mobile agent may include an itinerary of peers that the mobile agent may visit. The mobile agent may be transmitted on communications channels in the peer-to-peer network to each peer on the itinerary in turn, and return to the initiating peer after visiting or attempting to visit each peer on the itinerary. In one embodiment, the mobile agent may traverse its itinerary via virtual communication channels (pipes) implemented according to a peer-to-peer platform. A mobile agent may include information identifying input pipes for each peer on its itinerary. Peers may generate and advertise input pipes for use by mobile agents.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to computer networks, and moreparticularly to implementing mobile agents in peer-to-peer networks.

[0003] 2. Description of the Related Art

[0004] The Internet has three valuable fundamental assets—information,bandwidth, and computing resources—all of which are vastlyunderutilized, partly due to the traditional client-server computingmodel. No single search engine or portal can locate and catalog theever-increasing amount of information on the Web in a timely way.Moreover, a huge amount of information is transient and not subject tocapture by techniques such as Web crawling. For example, research hasestimated that the world produces two exabytes or about 2×10¹⁸ bytes ofinformation every year, but only publishes about 300 terabytes or about3×10¹² bytes. In other words, for every megabyte of informationproduced, only one byte is published. Moreover, Google claims that itsearches about only 1.3×10{circumflex over ( )}8 web pages. Thus,finding useful information in real time is increasingly difficult.

[0005] Although miles of new fiber have been installed, the newbandwidth gets little use if everyone goes to one site for content andto another site for auctions. Instead, hot spots just get hotter whilecold pipes remain cold. This is partly why most people still feel thecongestion over the Internet while a single fiber's bandwidth hasincreased by a factor of 10{circumflex over ( )}6 since 1975, doublingevery 16 months.

[0006] New processors and storage devices continue to break records inspeed and capacity, supporting more powerful end devices throughout thenetwork. However, computation continues to accumulate around datacenters, which have to increase their workloads at a crippling pace,thus putting immense pressure on space and power consumption.

[0007] Finally, computer users in general are accustomed to computersystems that are deterministic and synchronous in nature, and think ofsuch a structure as the norm. For example, when a browser issues a URL(Uniform Resource Locator) request for a Web page, the output istypically expected to appear shortly afterwards. It is also typicallyexpected that everyone around the world will be able to retrieve thesame page from the same Web server using the same URL.

[0008] The term peer-to-peer networking or computing (often referred toas P2P) may be applied to a wide range of technologies that greatlyincrease the utilization of information, bandwidth, and computingresources in the Internet. Frequently, these peer-to-peer technologiesadopt a network-based computing style that neither excludes norinherently depends on centralized control points. Apart from improvingthe performance of information discovery, content delivery, andinformation processing, such a style also can enhance the overallreliability and fault-tolerance of computing systems.

[0009]FIGS. 1A and 1B are examples illustrating the peer-to-peer model.FIG. 1A shows two peer devices 104A and 104B that are currentlyconnected. Either of the two peer devices 104 may serve as a client ofor a server to the other device. FIG. 1B shows several peer devices 104connected over the network 106 in a peer group. In the peer group, anyof the peer devices 104 may serve as a client of or a server to any ofthe other devices.

SUMMARY OF THE INVENTION

[0010] Embodiments of a system and method for implementing mobile agentsin peer-to-peer (P2P) networking environments are described. Aninitiating peer may generate a mobile agent to perform one or more taskson and/or to gather information from other peers in the peer-to-peernetwork. In one embodiment, peers may include mobile agent handlers forinitiating mobile agents and handling received mobile agents. A mobileagent may include an itinerary of one or more peers that the mobileagent is to attempt to visit in the peer-to-peer network. In oneembodiment, a mobile agent may be transmitted on communications channelsin the peer-to-peer network from the initiating peer to a first peer inthe itinerary, from the first peer to a second peer, and so on, in theorder the peers are scheduled to be visited in the itinerary, until themobile agent returns to the initiating peer after visiting, or at leastattempting to visit, each peer on the itinerary.

[0011] A mobile agent may be transmitted via a virtual communicationchannel, such as a communications pipe implemented according to one ormore protocols of a peer-to-peer platform. The mobile agent may betransmitted as part of one or more messages or generally in a formataccording to one or more data transmission protocols of the peer-to-peernetwork.

[0012] A mobile agent may visit peers on an itinerary and finally returnto the initiating peer when all peers on the itinerary are visited.Peers not on the itinerary may not be visited. In one embodiment, amobile agent may not return to the initiating peer, but may terminate ata last peer in the itinerary. In one embodiment, a mobile agent mayreturn to the initiating peer one or more times on its itinerary. In oneembodiment, a peer may be visited more than once on a mobile agentitinerary. In one embodiment, if the initiating peer is not accessibleupon completing the itinerary, the mobile agent may wait on another peerfor the initiating peer to become available. In one embodiment, if apeer on the itinerary is not accessible when the mobile agent attemptsto visit the peer, the mobile agent may skip the peer and attempt tovisit a next peer on the itinerary. In one embodiment, the mobile agentmay attempt to visit a skipped peer later in its itinerary.

[0013] On each visited peer, a mobile agent may perform or cause to beperformed one or more tasks such as executing one or more softwaremodules (applications, services, etc.), executing a script, collectinginformation from the visited peer to be returned to the initiating peer,or any other computer-performable task or combination of tasks which themobile agent is configured to perform or initiate on visited peers. Inone embodiment, a mobile agent may store information gathered fromvisited peers and deliver the information to the initiating peer when itreturns after completing the itinerary. In one embodiment, portions ofinformation collected by the mobile agent may be returned to theinitiating peer one or more times from visited peers on the itinerary.

[0014] In one embodiment, mobile agents may be implemented in apeer-to-peer network implemented according to one or more peer-to-peerplatform protocols of a peer-to-peer platform. In this embodiment,mobile agents may use the peer-to-peer platform protocols, including apipe protocol, as the basis for the mobile agents' itineraries to hidethe complexity of the peer-to-peer network from various modules (e.g.services, applications, etc.) that may use mobile agents. Peer-to-peerplatform pipes may be used as communications channels, and the itinerarymay include advertisements or other indications of pipes correspondingto the peers to be visited on the itinerary. When the mobile agent is tovisit a peer on the itinerary, a pipe advertisement corresponding to thepeer in its itinerary may be used to establish a “virtual”communications channel (pipe) on the peer-to-peer network from the peeron which the mobile agent currently resides to the peer to be nextvisited. The mobile agent may then be transmitted to the peer via thepipe.

[0015] In one embodiment, peers may generate mobile agent input pipesfor use by mobile agents. When a peer generates a mobile agent inputpipe, the mobile agent input pipe may be advertised, and thus may beavailable for any mobile agent that may desire to visit the associatedpeer. In one embodiment, when the input pipe is active, the input pipemay be associated with a process (e.g. daemon) running on the associatedpeer that will receive peer-to-peer platform message(s) with anitinerary and mobile agent as elements. In one embodiment, an initiatingmobile agent handler may generate a list of mobile agent input pipes asan initial itinerary for a generated mobile agent by performing a search(e.g. discovery) in the peer-to-peer platform advertisement space forinput pipes belonging to the module (e.g. service or application) forwhich the mobile agent is targeted.

[0016] The mobile agent may then be launched as one or more peer-to-peerplatform messages including the mobile agent and the itinerary. The oneor more peer-to-peer platform messages may then move from pipe to pipe(i.e. from peer to peer) in the itinerary until the itinerary isexhausted, and then return to the initiating peer, if possible. In oneembodiment, unavailable peers may be skipped, or alternatively may bevisited later in the itinerary if they become available. If an inputpipe in the itinerary is not “listening” when the mobile agent attemptsto access it, then the mobile agent may postpone the visit and tryanother input pipe in the itinerary. If no input pipes are listening,the mobile agent may wait on a particular peer or alternatively migrateto another peer, and wait for a peer on the itinerary to become active.In one embodiment, the mobile agent may include a “timeout” period forwhich it will wait for a peer or peer to become active before giving upand returning to the initiating peer.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017]FIG. 1A illustrates a prior art example of two devices that arecurrently connected as peers;

[0018]FIG. 1B illustrates a prior art example of several peer devicesconnected over the network in a peer group;

[0019]FIG. 2 illustrates one embodiment of peer-to-peer platformsoftware architecture at the conceptual level;

[0020]FIG. 3 illustrates an exemplary content identifier according toone embodiment;

[0021]FIG. 4 illustrates a point-to-point pipe connection between peersaccording to one embodiment;

[0022]FIG. 5 illustrates a peer-to-peer platform message formataccording to one embodiment;

[0023]FIG. 6 illustrates the content of a peer advertisement accordingto one embodiment;

[0024]FIG. 7 illustrates the content of a peer group advertisementaccording to one embodiment;

[0025]FIG. 8 illustrates the content of a pipe advertisement accordingto one embodiment;

[0026]FIG. 9 illustrates the content of a service advertisementaccording to one embodiment;

[0027]FIG. 10 illustrates the content of a content advertisementaccording to one embodiment;

[0028]FIG. 11 illustrates the content of an endpoint advertisementaccording to one embodiment;

[0029]FIG. 12 illustrates protocols and bindings in a peer-to-peerplatform according to one embodiment;

[0030]FIG. 13 illustrates discovery through a rendezvous proxy accordingto one embodiment;

[0031]FIG. 14 illustrates discovery through propagate proxies accordingto one embodiment;

[0032]FIG. 15 illustrates using messages to discover advertisementsaccording to one embodiment;

[0033]FIG. 16 illustrates one embodiment of using peer resolver protocolmessages between a requesting peer and a responding peer;

[0034]FIG. 17 illustrates one embodiment of using peer informationprotocol messages between a requesting peer and a responding peer;

[0035]FIG. 18 illustrates several core components and how they interactfor discovery and routing according to one embodiment;

[0036]FIG. 19 illustrates one embodiment of message routing in apeer-to-peer network that uses the peer-to-peer platform;

[0037]FIG. 20 illustrates traversing a firewall in a virtual privatenetwork when access is initiated from outside only according to oneembodiment;

[0038]FIG. 21 illustrates email exchange through an email gatewayaccording to one embodiment;

[0039]FIG. 22 illustrates traversing a firewall when access is initiatedfrom the inside according to one embodiment;

[0040]FIG. 23 illustrates embodiments of a peer-to-peer platform proxyservice, and shows various aspects of the operation of the proxyservice;

[0041]FIG. 24 illustrates a method of using a proxy service for peergroup registration according to one embodiment;

[0042]FIG. 25 illustrates peer group registration across a firewallaccording to one embodiment;

[0043]FIG. 26 illustrates a method of providing peer group membershipthrough a proxy service according to one embodiment;

[0044]FIGS. 27A and 27B illustrate a method of providing privacy in thepeer-to-peer platform according to one embodiment;

[0045]FIGS. 28A and 28B illustrate one embodiment of a method for usinga peer-to-peer platform proxy service as a certificate authority;

[0046]FIG. 29A illustrates a peer in a peer-to-peer network publishingan advertisement according to one embodiment;

[0047]FIG. 29B illustrates a peer in a peer-to-peer network publishingan advertisement to a rendezvous peer according to one embodiment;

[0048]FIG. 30 illustrates discovering advertisements according to oneembodiment;

[0049]FIG. 31 illustrates a tiered architecture for abstracting softwaremodules according to one embodiment;

[0050]FIG. 32 illustrates a tiered architecture for abstracting softwaremodules according to another embodiment;

[0051]FIG. 33 illustrates a module class advertisement, a modulespecification advertisement, and a module implementation advertisementfor a software module according to one embodiment;

[0052]FIG. 34 illustrates a computing device configured to handle amobile agent according one embodiment;

[0053]FIG. 35 illustrates peers in a peer-to-peer network using a mobileagent according to one embodiment;

[0054]FIG. 36 illustrates a pipe used by a mobile agent in apeer-to-peer environment implemented according to the exemplarypeer-to-peer platform;

[0055]FIG. 37 illustrates a mobile agent according to one embodiment;

[0056]FIG. 38 illustrates a peer creating a mobile agent itineraryaccording to one embodiment;

[0057]FIG. 39 illustrates a peer generating and using a mobile agentaccording to one embodiment;

[0058]FIG. 40 illustrates a peer receiving and processing a mobile agentaccording to one embodiment; and

[0059]FIG. 41 illustrates a mobile agent operating from peer to peer ina peer-to-peer network according to one embodiment;

[0060]FIG. 42 illustrates a member peer in a peer group using a mobileagent to detect peer group member presence according to one embodiment;

[0061]FIG. 43 is a flowchart illustrating detecting presence in a peergroup using a mobile agent according to one embodiment;

[0062]FIG. 44 is a flowchart illustrating collaborative content controlin a peer group using a mobile agent according to one embodiment;

[0063]FIG. 45 illustrates a host peer operating in response to a mobileagent configured to perform version control according to one embodiment;

[0064]FIG. 46 is a flowchart illustrating using a mobile agent to detectunauthorized copies of content according to one embodiment;

[0065]FIG. 47 illustrates a host peer operating in response to a digitalrights management mobile agent according to one embodiment;

[0066]FIG. 48 is a flowchart illustrating a peer node using a mobileagent to collect trust evaluations from a plurality of peer nodesaccording to one embodiment;

[0067]FIG. 49 illustrates a host peer operating in response to a mobileagent configured to gather reputation information according to oneembodiment;

[0068]FIG. 50A illustrates trust relationships between peers and betweenpeers and codat according to one embodiment;

[0069]FIG. 50B illustrates peers in a “web of trust” according to oneembodiment;

[0070]FIG. 51 illustrates a typical computer system that is suitable forimplementing various embodiments of the decentralized trust mechanism;

[0071]FIG. 52 illustrates an exemplary architecture of a peerimplementing a trust mechanism according to one embodiment;

[0072]FIG. 53A illustrates a codat confidence table according to oneembodiment;

[0073]FIG. 53B illustrates a peer confidence table according to oneembodiment;

[0074]FIG. 53C illustrates a peer group-independent peer confidencetable according to one embodiment;

[0075]FIG. 54 illustrates one embodiment of a table of trust values withcorresponding significances or meanings;

[0076]FIG. 55 illustrates a trust spectrum according to one embodiment;

[0077]FIG. 56A illustrates a certificate confidence table according toone embodiment; and

[0078]FIG. 56B illustrates a certificate confidence table comprisingconfidences in using a given peer's certificate for securing atransaction and confidences in the peer as a recommender, or certificatecosigner.

[0079] While the invention is described herein by way of example forseveral embodiments and illustrative drawings, those skilled in the artwill recognize that the invention is not limited to the embodiments ordrawings described. It should be understood, that the drawings anddetailed description thereto are not intended to limit the invention tothe particular form disclosed, but on the contrary, the intention is tocover all modifications, equivalents and alternatives falling within thespirit and scope of the present invention as defined by the appendedclaims. The headings used herein are for organizational purposes onlyand are not meant to be used to limit the scope of the description orthe claims. As used throughout this application, the word “may” is usedin a permissive sense (i.e., meaning having the potential to), ratherthan the mandatory sense (i.e., meaning must). Similarly, the words“include”, “including”, and “includes” mean including, but not limitedto.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

[0080] Embodiments of a system and method for implementing mobile agentsin peer-to-peer (P2P) networking environments are described. A mobileagent may be software configured to operate on different nodes in anetwork and gather information or perform some service on host nodes inthe network for a program, system, or user. For example, a mobile agentmay be created on one node in a network, start executing on that node,be transferred to another node, and continue executing on that othernode. A mobile agent may be configured to perform one or more operationson network nodes hosting the mobile agent. A mobile agent may beconfigured to navigate through the network from node to node accordingto an itinerary.

[0081]FIG. 34 illustrates a device 1300 (also referred to herein as anode) including a processor 1301, memory 1302 coupled to the processor1301, and one or more network connections 1303, for participating as apeer node in a peer-to-peer network according to one embodiment. Thenetwork connection(s) may be according to any specification enabling thecomputing device 1300 to exchange data in a network, including, but notlimited to: wired and wireless connections, Ethernet, Universal SerialBus (USB), serial, and parallel connections. Memory 1302 may include animplementation of a peer 200. In one embodiment, peer 200 may beimplemented according to a peer-to-peer platform. An exemplarypeer-to-peer platform for implementing a peer-to-peer network includingpeers such as peer 200 and groups of peers in which mobile agents asdescribed herein may be implemented is described later in this document.

[0082] Peer 200 may be implemented as one or more software modules or aspart of a program, application, or operating system. In one embodiment,at least part of the peer 200 may be implemented in hardware. In oneembodiment, peer 200 may include data corresponding to other peersaccessible through the network connection 1303 that may form part of atleast one peer group with peer 200. In one embodiment, peer 200 mayinclude information regarding communications channels (e.g. pipes asdescribed for the exemplary peer-to-peer platform described below) forconnecting peer 200 to other peers. Peer 200 may also include datacorresponding to other resources in the network accessible throughnetwork connection 1303, such as services and data available from otherpeers. In one embodiment, memory 1302 may include data corresponding toother nodes reachable through network connection 1303 that are not peernodes.

[0083] In one embodiment, a peer 200 may include a mobile agent handler1402 for initiating mobile agents and handling received mobile agents.In one embodiment, the mobile agent handler 1402 may be implementedaccording to a peer-to-peer platform such as the exemplary peer-to-peerplatform described below. The mobile agent handler 1402 may enable peer200 to use mobile agents among the services, programs, or toolsavailable to function within or interact with the peer-to-peer network.Mobile agent handler 1402 may be implemented in any of a variety of waysincluding, but not limited to, as a software module (e.g. a service orapplication), a demon, and a daemon. While mobile agent handler 1402 isillustrated as part of peer 200, in other embodiments mobile agenthandler 1402 may be a stand-alone program or other software module inmemory 1302 separate from peer 200, or alternatively may be implementedon a different device and/or peer and accessed by peer 200 via thenetwork.

[0084]FIG. 35 illustrates peers in a peer-to-peer network using a mobileagent according to one embodiment. An initiating peer 200A may generatea mobile agent 1400 to perform one or more tasks on and/or to gatherinformation from other peers 200 in the peer-to-peer network. In oneembodiment, peers 200 may include mobile agent handlers 1402 forinitiating mobile agents 1400 and handling received mobile agents 1400.Mobile agent 1400 may include an itinerary of one or more peers 200which the mobile agent is to attempt to visit in the peer-to-peernetwork. In one embodiment, mobile agent 1400 may be transmitted oncommunications channels in the peer-to-peer network from the initiatingpeer 200A to a first peer 200 in the itinerary, from the first peer to asecond peer, and so on, in the order the peers 200 are scheduled to bevisited in the itinerary, until the mobile agent returns to theinitiating peer 200A after visiting, or at least attempting to visit,each peer of the itinerary.

[0085] A mobile agent 1400 may be transmitted as data using a virtualcommunication channel, such as a pipe implemented according to theexemplary peer-to-peer platform described below. The mobile agent 1400may be transmitted as part of a message or generally in a formataccording to one or more data transmission protocols of the peer-to-peernetwork. The mobile agent 1400 may be transmitted in multiple parts andthe transmission may be performed through multiple routes. In oneembodiment, an initiating peer 200A may use a plurality of communicationchannels or pipes. Duplicate parts may be transmitted to provideredundancy and to avoid losing parts of the mobile agent. In oneembodiment, any communications between peers 200 may be duplicative; inone or more parts, and/or along different paths to provide redundancy.

[0086] In FIG. 35, mobile agent 1400 is shown visiting peer 200B, then200D, and finally returning to initiating peer 200A when all peers 200on the itinerary are visited. Peers 200C and 200E are not on theitinerary, and thus are not visited by mobile agent 1400. In oneembodiment, mobile agent 1400 may not return to the initiating peer, butmay terminate at the last peer (e.g. peer 200D) in the itinerary. In oneembodiment, mobile agent 1400 may return to the initiating peer 200A oneor more times on its itinerary. In one embodiment, a peer 200 may bevisited more than once on mobile agent 1400's itinerary. In oneembodiment, if the initiating peer 200A is not accessible uponcompleting the itinerary, the mobile agent 1400 may wait on another peer200 for the initiating peer 200A to become available. In one embodiment,if a peer 200 on the itinerary is not accessible when the mobile agent1400 attempts to visit the peer, the mobile agent 1400 may skip the peerand attempt to visit a next peer 200 on the itinerary. In oneembodiment, the mobile agent 1400 may attempt to visit a skipped peer200 later in its itinerary.

[0087] On each visited peer 200, mobile agent 1400 may perform or causeto be performed one or more tasks such as executing one or more softwaremodules (applications, services, etc.), executing a script, collectinginformation from the visited peer 200 to be returned to the initiatingpeer 200A, or any other computer-performable task or combination oftasks which the mobile agent is configured to perform or initiate onvisited peers 200. In one embodiment, mobile agent 1400 may storeinformation it gathers from visited peers and delivers the informationto the initiating peer 200A when it returns after completing theitinerary. In one embodiment, information collected by the mobile agent1400 may be returned to the initiating peer 200A one or more times fromvisited peers 200 on the itinerary.

[0088] Continuing with FIG. 35, in one embodiment, mobile agent handlers1402 may be implemented as services in a peer-to-peer networkimplemented with one or more of the peer-to-peer platform protocols ofthe exemplary peer-to-peer platform described below. The peer-to-peerplatform protocols may provide a framework for dealing with thecomplexity and dynamic nature of peer-to-peer networks, where one cannotdepend on a particular peer to be available at a given moment in time.In this embodiment, mobile agents 1400 may use the peer-to-peer platformprotocols, including the pipe protocol, as the basis for the mobileagents' itineraries to hide the complexity of the peer-to-peer networkfrom various modules (e.g. services, applications, etc.) that may usemobile agents 1400.

[0089] As described above, in one embodiment, mobile agents 1400 may beused in peer-to-peer networks implemented according to the exemplarypeer-to-peer platform described below. In this embodiment, pipes asdescribed for the exemplary peer-to-peer platform may be used ascommunications channels, and the itinerary may include advertisementsfor pipes corresponding to the peers 200 to be visited on the itinerary.FIG. 36 illustrates a pipe used by a mobile agent in a peer-to-peerenvironment implemented according to the exemplary peer-to-peerplatform. When mobile agent 1400 is to visit a peer 200B on theitinerary, a pipe advertisement 808 (e.g. pipe advertisement 808A)corresponding to the peer 200B in its itinerary may be used to establisha “virtual” communications channel (a pipe), as described for theexemplary peer-to-peer platform, on the peer-to-peer network from thepeer 200A on which the mobile agent 1400 currently resides to the peer200B to be next visited. In one embodiment, the mobile agent 1400 mayinclude the pipe advertisement 808. In another embodiment, the mobileagent 1400 may include information identifying the pipe advertisement808 that may be used to access the pipe advertisement. In oneembodiment, this information may include a pipe identifier for the pipe(e.g. a URI, URN or UUID as described for the exemplary peer-to-peerplatform described below). The mobile agent 1400 may then be transmittedto the peer 200B via the pipe. Transmitting the mobile agent 1400 may beperformed from an output pipe 204 of the peer 200A to an input pipe 202of peer 200B indicated in the advertisement 808A, as described forembodiments of the exemplary peer-to-peer platform.

[0090] In one embodiment, peers 200 may generate mobile agent inputpipes 202 for use by mobile agents. When a peer 200 such as peer 200B ofFIG. 36 generates a mobile agent input pipe 202, the mobile agent inputpipe may be advertised as described below for the exemplary-peer-to-peerplatform protocols, and thus may be available for any mobile agent 1400that may desire to visit the associated peer 200. In one embodiment,when the input pipe 202 is active, the input pipe may be associated witha process (e.g. daemon) running on the associated peer 200 which willreceive peer-to-peer platform message(s) with an itinerary and mobileagent as elements. In one embodiment, an initiating mobile agent handler1402 may generate a list of mobile agent input pipes 202 as an initialitinerary for a generated mobile agent 1400 by performing a search (e.g.discovery) in the peer-to-peer platform advertisement space for inputpipes belonging to the module (e.g. service or application) for whichthe mobile agent is targeted.

[0091] The mobile agent 1400 may then be launched as one or morepeer-to-peer platform messages including the mobile agent 1400 and theitinerary 1420. The one or more peer-to-peer platform messages may thenmove from pipe to pipe (i.e. from peer to peer) in the itinerary untilthe itinerary is exhausted, and then return to the initiating peer 200,if possible. In one embodiment, unavailable peers 200 may be skipped, oralternatively may be visited later in the itinerary if they becomeavailable. If an input pipe 202 in the itinerary is not “listening” whenthe mobile agent attempts to access it, then the mobile agent maypostpone the visit and try another input pipe in the itinerary. If noinput pipes 202 are listening, the mobile agent may wait on a particularpeer or alternatively migrate to a peer-to-peer platform relay peer asdescribed below, and wait for a peer on the itinerary to become active(i.e. for the input pipe of the peer to start “listening”). In oneembodiment, the mobile agent may include a “timeout” period for which itwill wait for a peer or peer to become active before giving up andreturning to the initiating peer.

[0092] In one embodiment, the mobile agent may generate a payload thatmay be included in the peer-to-peer platform message(s) including themobile agent and itinerary being passed from peer to peer. When themobile agent returns to the initiating peer, the payload may beextracted from the message(s) and used by the module (e.g. service,application, etc.) associated with this mobile agent.

[0093]FIG. 37 illustrates a mobile agent 1400 according to oneembodiment that may be generated by a peer for use in a peer-to-peernetwork. In one embodiment, a mobile agent 1400 may include one or morefunctions 1410 and an itinerary 1420 for performing one or more tasks onpeers in the peer-to-peer network as specified in the itinerary 1420. Inone embodiment, a mobile agent 1400 may include a payload 1431 that maybe used to store results from the operation of the mobile agent 1400. Inone embodiment, a mobile agent 1400 may include a certificate 1432 orother data that may be used in identification, authentication and/orauthorization of the mobile agent 1400. Embodiments of mobile agents1400 may include other data as may be desired or necessary for theoperation(s) of the mobile agents 1400. Data stored in a mobile agentmay be of variable size, for example growing as the mobile agent 1400gathers more results to store as its payload 1431. Other components of amobile agent 1400 may also change size during the life cycle andoperations of the mobile agent 1400. The payload 1431 may be accessibleto the peer 200, its applications, programs, services, modules, users,hardware, or other computing elements.

[0094] In one embodiment, a mobile agent handler may generate the mobileagent 1400 for the initiating peer. The mobile agent handler may be onthe same node as the initiating peer, or alternatively may be on adifferent node. In one embodiment, a peer may function as a mobile agenthandler.

[0095] Components of a mobile agent 1400 may be selected and configuredto generate a mobile agent 1400 for performing one or more tasks withinthe peer-to-peer network. For example, an initiating mobile agenthandler may select and organize an itinerary 1420. The itinerary 1420may include data indicating network resources such as peer-to-peercommunications channels (e.g. advertisements for pipes as described forthe exemplary peer-to-peer platform described below), peers, and/orother network resources for navigating a peer-to-peer network, asindicated at 1421A-C, which the mobile agent may use or to attempt toreach during operation. For example, the mobile agent 1400 may beimplemented in a peer-to-peer network implemented in accordance with theexemplary peer-to-peer platform described below, and the itinerary datamay include references (e.g. advertisements) to pipes 1-n, as indicatedat 1421A-C, where n is a positive integer. The itinerary data 1421 maybe ordered or formatted according to a structure indicating how a mobileagent may navigate from peer to peer.

[0096] The initiating mobile agent handler may also configure function1410 to indicate operations to occur on hosts of the mobile agent. Someor all of the operations may be performed on host peers in thepeer-to-peer network depending on certain conditions or parameters ofthe mobile agent and/or host peer. For example, function 1410 maydetermine how the mobile agent may use or follow the itinerary 1420 orwhat operations may be performed on peers the mobile agent reaches.Peers may include or function as mobile agent handlers for the mobileagent. Function 1410 may be configured to perform one or more tasks onpeers on the mobile agent's itinerary. Function 1410 may enable a mobileagent to operate with at least limited autonomy from its initiatingmobile agent handler and/or mobile agent handlers of peers on the mobileagent's itinerary. Function 1410 may be a program, a script, or otherelement that is executable or otherwise produces computation on hostpeers. For example, a mobile agent may include a script, and a hostpeer's mobile agent handler may perform computation corresponding to thescript. Alternatively, a mobile agent may include executable code, and ahost peer's mobile agent handler may enable that code to execute.

[0097] In one embodiment, function 1410 may include executable code thatmay be executed on one or more host peers to perform operations asconfigured by its initiating mobile agent handler. For example, function1410 may run as a program or application on a host peer. In oneembodiment, a host peer's mobile agent handler may access the mobileagent and execute operations corresponding to function 1410 withouttreating the mobile agent 1400 or function 1410 as a program orapplication. For example, function 1410 may be a script, which the hostmobile agent handler may follow to perform computation and return data.In one embodiment, computational control remains with the host peer'smobile agent handler, so that the host peer's mobile agent handler mayterminate any computation related to a mobile agent that the peer hosts.In one embodiment, operations of a mobile agent may be performed in oneor more of a plurality of ways, and an operating system or other systemof the host peer may select a computational framework for the mobileagent, such as a virtual machine or a program space, which may implementa mobile agent handler. Whether the mobile agent executes as anapplication, or an application native to the host peer performs theoperations in response to the mobile agent, the mobile agent may beconsidered to perform operations according to the configuration of itshost peer and/or function 1410.

[0098] Function 1410 may be configured to interact in various ways withthe peers hosting the mobile agent. For example, function 1410 may beconfigured to respond to identification requests from host peers, torequest data according to one or more protocols, or otherwise exchangeinformation and services with its host peers. Function 1410 of a mobileagent may be configured to update internal data structures of the mobileagent according to its interactions within the peer-to-peer networkand/or its host peers. In one embodiment, function 1410 may beconfigured to update internal data structures of its host peers. In oneembodiment, data may be stored as part of function 1410, including thepayload data 1431 or data for responding to identification requests fromhost peers, such as a certificate 1432. Similarly, the mobile agent mayreceive data from its host peers, and function 1410 may be configured tostore the data received as part of the mobile agent. In one embodiment,the itinerary 1420 may be stored as part of function 1410.

[0099] In one embodiment, a mobile agent handler may create a mobileagent without a function 1410 if mobile agent handlers that host themobile agent are configured to provide a default or assumed function(e.g. as part of an agreed-upon protocol) and the initiating peer wantsthe default or assumed operations to be performed. Default functions mayreduce the use of bandwidth, as the mobile agent may be smaller. In oneembodiment, a mobile agent may include only itinerary 1420. In oneembodiment, mobile agents may be configured to perform one or more of avariety of default or assumed functions.

[0100] In one embodiment, a mobile agent including only itinerary 1420may operate in the peer-to-peer network as a peer discovery mobileagent. A peer discovery mobile agent may travel from peer to peeraccording to its itinerary to detect whether the peers are still activein the network. Peers hosting such a mobile agent may enable thisfunction according to the specification of a peer-to-peer platformand/or appropriate protocols, such as the exemplary peer-to-peerplatform and peer-to-peer platform protocols described below.

[0101] Function 1410 may be configured to compile results data as partof its operation on host peers and store that data as payload 1431. Inone embodiment, the results data may be stored as part of function 1410.In one embodiment, the results data may be stored as part of itinerary1420, for example by amending the data in itinerary 1420 to indicateresults corresponding to each peer in the itinerary 1420. The resultsdata may be available to the initiating peer upon the mobile agentreturning to the initiating peer. In one embodiment, a mobile agenthandler of the initiating peer may extract the payload 1431 from themobile agent.

[0102] In one embodiment, results data may be sent to the initiatingpeer from a peer hosting the mobile agent 1400. In one embodiment, ifthe mobile agent 1400 cannot or does not return to its home initiatingpeer, the mobile agent 1400 may send the results data to the initiatingpeer. For example, a mobile agent 1400 may include a timer such that themobile agent may expire with the timer and the results gathered by themobile agent at that time may be returned to the initiating peer.Sending only results data instead of the mobile agent 1400 as a wholemay save bandwidth. In one embodiment, results data are sent to theinitiating peer as gathered by the mobile agent 1400. In one embodiment,a mobile agent 1400 may have a size limit and may return to itsinitiating peer node when approaching or exceeding that size limit toprovide the data collected to the home peer before resuming theitinerary. In one embodiment, the size limit may be 4 kilobytes or someother size appropriate to avoid wasting bandwidth in the peer-to-peernetwork. Results data stored within a mobile agent 1400 may be availableto host peers of the mobile agent 1400 so that the data may be sharedwith at least some other peers. In one embodiment, function 1410 may setaccess parameters concerning data that may be used or gathered from itsmobile agent 1400 by host peers.

[0103] In one embodiment, function 1410 may be configured to performmore complex operations on host peer nodes. Embodiments may allow peersto handle mobile agents with different or enhanced functions. In oneembodiment, a mobile agent may be configured to collect a plurality ofdifferent data or perform two or more different services. Host peernodes may collect or be configured to provide additional data orservices to host the mobile agent(s) depending on the requirements ofthe mobile agent(s) that may be used in the peer-to-peer environment. Inone embodiment, the protocols implemented by a peer-to-peer platformsuch as the exemplary peer-to-peer platform described below may provideoperations that may be combined to enable mobile agents to implement avariety of functions.

[0104]FIG. 38 illustrates a peer creating a mobile agent itinerary, forexample as described in FIG. 37, according to one embodiment. Theinitiating peer or mobile agent handler may access data regardingcommunications channels (e.g. pipes as described for the exemplarypeer-to-peer platform described below) in the peer-to-peer network togenerate an itinerary, as indicated at 1451. The pipe data may be partof advertisements in the peer-to-peer network. In one embodiment, otherdata available to the initiating peer regarding the peer-to-peer networkand its peers may be accessed. Some of the pipes information mayindicate whether the corresponding pipes may be dedicated for mobileagents or for other purposes and an itinerary may include pipes that areconfigured to be at least compatible with mobile agents, as indicated at1452. In one embodiment, pipe information may be pre-sorted, so that amobile agent handler may access the appropriate storage to access pipesthrough which mobile agents may be sent. In one embodiment, a mobileagent handler may distinguish between pipes based on other factorsrelevant to the purpose of the mobile agent. For example, a mobile agentmay be created to access a type of databases or find other peers in oneof a plurality of peer-to-peer network. A mobile agent handler may thensearch for advertisements indicating peers that may provide access tosuch databases or limit the search to advertisements with theappropriate peer-to-peer network.

[0105] A mobile agent handler may then select from the available data alist of pipes from which to form an itinerary, as indicated at 1453. Inone embodiment, peers may be reached through different pipes and amobile agent handler may select from the options available. The mobileagent handler may then order the data, as indicated at 1454, which mayindicate some preference of the initiating mobile agent handler as tohow the mobile agent using that itinerary should proceed. In oneembodiment, a mobile agent handler may generate an ordered data setwhile or before selecting the different pipes to be included in anitinerary. For example, a mobile agent handler may rank pipes byreliability to provide a mobile agent a chance to travel as far aspossible and select pipes in that order. In one embodiment, the data maynot be pipes and the mobile agent handler may determine navigationinformation from that data to include in an itinerary similarly, suchthat the navigation information may abstract the details of thepeer-to-peer network topology and/or provide for dynamic handling ofnode failures. The mobile agent handler may then include the data setproduced as an itinerary as part of a mobile agent, as indicated at1455. In one embodiment, a mobile agent handler may format and includethe pipe data during selection, and may perform an ordering of that pipedata in a mobile agent itinerary at any time before the mobile agent islaunched.

[0106] In one embodiment, the initiating mobile agent handler may selectdata corresponding to some known peers of its peer and organize it tocreate itinerary 1420, such as by including information regarding somepeers as well as communication channels in the peer-to-peer network. Forexample, the initiating mobile agent handler may select data concerningpeers in one peer group. The data may be ordered in various ways, forexample according to when there last was communication between theinitiating peer and those peers, other factors, or combination offactors regarding networks and network communications, including volumeof traffic, connectivity, topology, or node reliability.

[0107] In one embodiment, a mobile agent may be structured to includedata regarding its home peer, its unique identification data, atime-to-live or timer, a current destination, an itinerary, and afunction. The function may be one or more Java classes executable on oneor more nodes in the network. The itinerary may be a list of remainingnavigation to be performed, such as pipes to use or peers to visit. Thecurrent destination may be derived from the itinerary data and each hostpeers may update the current destination and itinerary. The time-to-liveor timer may specify how long a mobile agent may wait on a host for aconnection to open or a peer to be reachable before abandoning itsattempts and trying another connection or peer in accord with theitinerary. In one embodiment, the time-to-live or timer may indicate howlong a mobile agent may operate in the peer-to-peer network.

[0108]FIG. 39 illustrates a mobile agent handler generating and using amobile agent according to one embodiment. A mobile agent handler maygenerate a mobile agent in response to an event. The event may be partof a program, clock, timer, operating system, network protocol ormessage, or other computing event that invokes or generates a requestfor a mobile agent. In one embodiment, the event may be a program orother computing element invoking a function of a peer-to-peer platformimplemented using a mobile agent. Some events may not prompt thecreation of a mobile agent, for example if the requesting program oruser is not authorized to invoke mobile agents.

[0109] As indicated at 1501, a mobile agent handler may gather networkdata and generate a mobile agent. The mobile agent may include itinerarydata derived from the network data gathered. The network data gatheredand used, as well as the type of the mobile agent generated, may dependon the event prompting the creation of the mobile agent. Different typesof mobile agents may be created in response to different factors totailor mobile agents for particular tasks. For example, the initiatingpeer may be part of a plurality of peer groups, but the applicationprompting the mobile agent may operate in only one peer group, so thatthe mobile agent created may be configured through its itinerary data tooperate on peers in that peer group. For example, only communicationchannels between peers of that peer group may be included in theitinerary. Similarly, an initiating mobile agent handler may customizethe configuration of the mobile agent's operations. For example, anapplication on the initiating peer may request verification of thestatus of the other peers in one or more peer groups. In response, amobile agent handler of the peer may create a mobile agent fordiscovering the status of peers in the corresponding peer groups. Theinitiating mobile agent handler may configure the mobile agent to gatherdata indicating the status of at least some peers indicated in theitinerary. In one embodiment a module, part of the operating system, orother software of the peer may be responsible for generating mobileagents for the peer, its applications, or other users of thepeer-to-peer network.

[0110] As part of gathering peer data as indicated at 1501, a peer orits mobile agent handler may compile itinerary data for its mobile agentindicating one or more other peers for the mobile agent to visit. Thedata may represent communication channels in the peer-to-peer networkthat imply visiting the peer(s) forming the end-point(s) of eachcommunication channel. In one embodiment, an itinerary includingcommunication channel data may indicate that a mobile agent may travelthrough a plurality of communication channels before operating on theend-point peer. Any data accessible by the initiating peer may beselected and used to produce an itinerary if that data may be helpful tothe mobile agent in moving to the desired peers or through the desiredcommunication channels. For example, the itinerary data may be gatheredfrom data the initiating peers has regarding known peers, existingpipes, the network topology, or generally data about network resourcesor configuration. In one embodiment, the initiating peer may interactwith other nodes in the network to obtain data that may be used increating the mobile agent, particularly the itinerary. The itinerary maybe derived from a plurality of sources, including advertisements, username data, pipe data, and other data indicating resources and peers inthe network accessible to the initiating peer. Different sources ofinformation may be available in different network implementations or indifferent implementations of a network. In one embodiment, a peer maycompile data in anticipation of the data being useful when creatingmobile agents and itineraries.

[0111] A mobile agent handler may include data in the mobile agentindicating its peer as the initiating peer. For example, an ordereditinerary in the mobile agent may indicate the initiating peer byincluding references to the initiating peer at the end of the itinerary.In one embodiment, by default the last peer data in the itinerary dataof a mobile agent corresponds to its initiating peer. In one embodiment,data corresponding to the initiating peer may be stored as part ofanother data structure of the mobile agent rather than as part of theitinerary.

[0112] The initiating mobile agent handler may create the itinerary asan ordered list of peers with information regarding each peer, such aslocation or address in a network. The itinerary data may be organizedsimilarly to a database, with a record containing one or more entriesfor each peer in the itinerary. In one embodiment, an initiating mobileagent handler may configure a mobile agent to process itinerary dataformatted according to one or more structures and may format theitinerary data included in the mobile agent accordingly. In oneembodiment, the initiating mobile agent handler may use a format that isrecognizable by potential host peers of the mobile agent, for exampleaccording to a standard format defined by peer-to-peer protocols or thepeer-to-peer platform implemented. The itinerary data may be a list ofpeers, and the list may be ordered to reduce the time and complexity forthe mobile agent to process or use it. The mobile agent may beconfigured to visit at least some of the peers indicated in itsitinerary. In one embodiment, the mobile agent may be configured todynamically select which peer it may next visit rather than follow anordering that may be indicated by the itinerary data. For example, amobile agent may select the next peer to visit from peers listed in itsitinerary data and the status of the network around its host. Networkstatus may take into account various factors, such as traffic,bandwidth, topology, and number of hops to reach a peer. A mobile agentmay be configured to eliminate peers from consideration for its nextdestination, for example depending on whether going to that peer wouldbe too time consuming, would add to network congestion around a peer,would result in the peer running out of time, or similar factors.

[0113] After generating the mobile agent, the initiating mobile agenthandler may attempt to contact another peer, as indicated at 1502. Theinitiating mobile agent handler may determine the peer to contactaccording to the itinerary for the mobile agent. In one embodiment, theinitiating mobile agent handler or peer provides the mobile agentresources for the mobile agent to attempt to contact a next peer. Forexample, the initiating peer may enable the mobile agent to execute andaccess hardware and/or software resources, such as a network connection.To attempt to contact the next peer, the initiating mobile agent handlermay use information indicating an appropriate communication channel. Forexample, an initiating mobile agent handler may access data indicatingan input pipe. The initiating mobile agent handler may test thecommunication channel or pipe, or open one, to the next peer over towhich to transmit the mobile agent. The mobile agent handler may useappropriate peer-to-peer protocols. In one embodiment, an adequatechannel is a pipe suitable for transmission of a mobile agent where thepeer at the other end is configured to receive a mobile agent.

[0114] The initiating mobile agent handler may determine whethersuccessful contact was established with the next peer to which themobile agent may be sent, as indicated at 1503. For example, theinitiating mobile agent handler may communicate with a mobile agenthandler on the next peer. The initiating mobile agent handler may waitfor indication of successful contact for a specified amount of time. Forexample, the creating mobile agent handler may wait for a messageindicating that a pipe was successfully established according topeer-to-peer protocols. In one embodiment, the initiating mobile agenthandler may “ping” the next peer, for example by sending a message andwaiting for a response indicating the next node may receive the mobileagent. If contact is not successful, the initiating mobile agent handlermay update the mobile agent, as indicated at 1504. For example, theinitiating mobile agent handler may amend or update the itinerary of themobile agent to reflect that contact could not be established with thecorresponding peer. The initiating mobile agent handler may try tocontact another peer as the next peer for the mobile agent to visit, asindicated at 1502 and described above. In one embodiment, if the nextpeer is the initiating peer or the itinerary of the mobile agent isempty, the initiating mobile agent handler may terminate the mobileagent and/or use information derived from the failure to contactitinerary peers. For example, in network advertisements concerning peersthat could not be contacted may be purged. If the initiating mobileagent handler establishes contact with a peer to which to send themobile agent, the initiating mobile agent handler may launch the mobileagent to that next peer, as indicated at 1505. After launching themobile agent, the initiating mobile agent handler may wait for themobile agent to return, as indicated at 1506, with its payload. Themobile agent may return to its initiating peer in response to atime-out, after completing the itinerary, or generally as configured.

[0115] As indicated at 1507, the initiating mobile agent handler mayextract payload data from the mobile agent. The payload data may be usedto update peer advertisements, network topology data, or other datastructures containing information regarding resources in thepeer-to-peer network. In one embodiment, the results data may be passedto a program or other potential user of the information, for example bycreating advertisements based on the information and disseminating themthrough the peer-to-peer network.

[0116] In one embodiment, the initiating mobile agent handler sends andreceives the mobile agent over one or more virtual communicationchannels. In one embodiment, the channels may be controlled or monitoredby a program configured to handle mobile agents. For example, a daemonmay be associated with one or more virtual communication channels of thepeer-to-peer network. A daemon is a program executing directly over anoperating system that may provide an engine or environment so that amobile agent may operate on the host peer through the daemon. A mobileagent handler may include or be implemented as a daemon. For example, apeer may include a daemon, as software and/or hardware, to handleservice requests and resources for mobile agents, which may be a mobileagent handler daemon. In one embodiment, a program monitoring one ormore communication channels may be configured to similarly provide anengine for one or more mobile agents.

[0117] The initiating mobile agent handler or peer may activate orotherwise execute the mobile agent after it is generated. For example,the initiating peer or mobile agent handler may execute the mobile agentor any executable part of the mobile agent as a stand-alone application.Alternatively, the initiating peer may pass the mobile agent to adaemon, so that its function may be executed in that computationalenvironment. The daemon may provide a more secure computationalenvironment in which to execute a mobile agent. For example, memoryaccess of the mobile agent may be intercepted and verified by the daemonto ensure the mobile agent does not impermissibly affect other programsor resources of the peer hosting the mobile agent. In one embodiment,the mobile agent may execute through a demon, within a virtual machine,or in any other computation environment provided by the host peer. Ademon may be similar to a daemon but part of a larger applicationprogram, so that the function provided by a mobile agent may operate aspart of an application for example. The computation environment providedby a host peer to a mobile agent may depend on the level of trustafforded by or security concerns of the host peer with respect to themobile agent. For example, some environments for the mobile agent may bemore secure or may put more limitations than others on a mobile agent.

[0118] The mobile agent may operate as configured to perform one or moreof its assigned tasks. In one embodiment, if a mobile agent makesimpermissible requests or operations, crashes, or otherwise cannotoperate within the environment provided by a host peer, a host peer maysuspend the operations of the mobile agent. In one embodiment, the hostpeer or mobile agent handler may delete the mobile agent to freeresources allocated to the suspended mobile agent. The host mobile agenthandler may access data included in the mobile agent, for example dataregarding the initiating peer of the mobile agent and/or accumulatedpayload data. The host mobile agent handler may notify the initiatingpeer of the mobile agent status. The host mobile agent handler may sendat least some of the payload data to the host peer.

[0119] In one embodiment, an initiating mobile agent handler may beconfigured to launch the mobile agent after it is created withoutactivating, executing, or following instructions from the mobile agent.For example, the initiating mobile agent handler may treat the mobileagent software as non-executable data to include in a message. In oneembodiment, the initiating mobile agent handler may enable the mobileagent to execute to launch itself to its next location but may interceptand/or restrict any other operations of the mobile agent. The mobileagent may determine a peer on which to relocate from its itinerary dataand interact with the initiating mobile agent handler to find acommunication channel and use it to be sent to that other peer. In oneembodiment, sending the mobile agent involves duplicating the data fromthe initiating peer to the next peer. So that multiple copies of themobile agent exist briefly in the peer-to-peer network, the copy of themobile agent on the initiating peer may be then be deleted.

[0120]FIG. 40 illustrates a peer or its mobile agent handler receivingand handling a mobile agent according to one embodiment. A mobile agenthandler may receive the mobile agent, as indicated at 1601, through acommunication channel, such as a pipe. In one embodiment, the mobileagent is sent from a peer in at least one peer group of the receivingpeer and may be routed through one or more nodes in the network. Themobile agent may conform to protocols of the peer-to-peer platform andmay be received as part of a message according to one or more networkcommunication protocols. In one embodiment, a daemon or program otherthan the mobile agent handler may be associated with a communicationchannel to monitor for mobile agents and the receiving peer may receivethe mobile agent over that communication channel.

[0121] The receiving peer or mobile agent handler may determine whetherto host the mobile agent, as indicated at 1602, based on itsconfiguration and/or the configuration of the mobile agent received. Inone embodiment, the determination of whether to host a mobile agent ismade by the mobile agent handler, a daemon, or other program configuredto handle mobile agents for the receiving peer. The receiving mobileagent handler may refuse to host the mobile agent on its peer dependingon one or more factors, including security and availability ofresources. For example, a receiving peer or its mobile agent handler mayalready be handling a large number of other applications or mobileagents and may be configured to reject other requests until currenttasks terminate. A receiving peer may not have sufficient memoryavailable to host the received mobile agent, particularly if thereceiving peer is configured to limit the amount of memory that may beused by mobile agents at a given time.

[0122] In one embodiment, the receiving mobile agent handler may obtaindata from the mobile agent to determine whether to host that mobileagent. For example, a mobile agent may include data identifying themobile agent, such as a unique identification number or certificate, forexample as shown at 1432 in FIG. 37. Identifying data may includecredentials or certificates according to peer-to-peer protocols or otherstandard defined by the peer-to-peer protocols. The mobile agent handlermay access the identifying data and verify it, for example against adatabase in the network or on the receiving peer. In one embodiment, themobile agent structure conforms to peer-to-peer protocols indicating thedata in the mobile agent that may be identifying data, for example bylabeling that data using XML tags according to a peer-to-peer protocol.In one embodiment, the mobile agent may include an interface that may beused to obtain data from the mobile agent, including identifying data ofthe mobile agent. If the identifying data is not appropriate orsufficient for the receiving peer, the mobile agent handler, a daemon,another program, or the receiving peer generally may decline to providean engine for the mobile agent or to follow any instructions from themobile agent, as indicated at 1602. Alternatively, the mobile agent maybe hosted on the receiving peer, as indicated at 1602. In oneembodiment, it may be determined that the mobile agent received wasinitiated from the current peer and may proceed as indicated at 1507 inFIG. 39.

[0123] A peer hosting the mobile agent may perform the operations of themobile agent, as indicated at 1603. For example, the host peer, a mobileagent handler, or some other program of the host peer may performoperations according to instructions included in the mobile agent. Inparticular, a host mobile agent handler may access a script in themobile agent and perform computation according to that script. In oneembodiment, the host mobile agent handler may perform the operation byexecuting executable code of the mobile agent. The mobile agent may beexecuted as a stand-alone program or within a computation framework suchas a virtual machine, a program space, a daemon, a demon, or otherengine enabling the execution of the mobile agent functions provided bythe host peer. The computing environment provided for the mobile agentmay be configured according to security, permissions, or otherparameters and settings that may affect how mobile agent functions areperformed.

[0124] The host mobile agent handler may update one or more of theinternal data structures of the mobile agent, as indicated at 1604, inresponse to operation according to the mobile agent configuration. In onembodiment, where the mobile agent may be executing as an application onthe host peer, the mobile agent may modify data in its data structure inresponse to its operation. The structure and/or content of the mobileagent may be changed during operations according to the mobile agentconfiguration. For example, new peers may be added or removed from theitinerary, data concerning peers in the itinerary may be added to themobile agent, the function of the mobile agent may be modified, or datamay be re-organized.

[0125] In one embodiment, the host mobile agent handler may access somedata stored internally as part of performing operations in response tothe mobile agent. The host mobile agent handler may update the internaldata of the mobile agent to indicate address, configuration, location,status, or provide some other information regarding its peer. Forexample, the host mobile agent handler may be configured to accessadvertisements, such as advertisements according to peer-to-peerprotocols, and compile data for including in the mobile agent. The hostpeer may invoke some of its local or network services on behalf of themobile agent. For example, the host peer may include functions for datasearch and the operations of the mobile agent may concern theavailability of particular data on peers, so that the host peer mayinvoke the data search service to determine if it includes that data.

[0126] In one embodiment, the host mobile agent handler may access datacorresponding to peers, services, data, or other resources in thepeer-to-peer network from its internal data structures or networkresources. The host mobile agent handler may amend the itinerary of themobile agent received to include additional peers for the mobile agentto visit. For example, the mobile agent received may have been launchedto discover or test the status of peers in a peer-to-peer network orpeer group with an itinerary including data for a number of peers knownto the initiating peer. The host mobile agent handler may include dataindicating other peers in the network that were not included originallyon the itinerary of the mobile agent. In one embodiment, the host mobileagent handler may amend the itinerary data of the mobile agent toinclude these other peers. In one embodiment, the host mobile agenthandler may be configured to look for information indicating peers orother resources previously unknown to the received mobile agentcorresponding to configuration parameters for the operation of themobile agent. The host mobile agent handler may then add to theitinerary or other data structure of the mobile agent collected datarelevant to the mobile agent according to configuration parameters ofthe mobile agent and/or the host peer. For example, the mobile agent mayhave been created to discover certain types of peers for the initiatingpeer, such as peers that have certain data, provide certain services,have certain connections, or have some other property or combination ofproperties in the peer-to-peer network.

[0127] In one embodiment, the host mobile agent handler may access datastored as part of a received mobile agent to update its own internaldata structures and may pass it on to its peer. For example, the mobileagent may include more up-to-date data about peers of the host peer. Thehost mobile agent handler may retrieve some of the data from the mobileagent or may use interfaces or services provided by the mobile agent toobtain data from the mobile agent. In one embodiment, the host mobileagent handler may update data within local data structures in responseto the operations of the mobile agent or may enable the mobile agent tomodify, add, and/or delete data from local data structures. In oneembodiment, a host mobile agent handler may request data from the mobileagent and may format the requests according to a peer-to-peer protocol.A host mobile agent handler may change the function of a mobile agent.For example, part of the function of a mobile agent may be to return itsresults to its initiating peer, but its initiating peer may have failed.A host mobile agent handler may adopt a mobile agent by amending theconfiguration of the mobile agent to have the mobile agent return itsresults to its current host. The host mobile agent handler may similarlychange other aspects of the mobile agent, and a host mobile agenthandler may reformat a mobile agent to enable the mobile agent tooperate in a different network, for example. A host mobile agent handlermay change elements of a mobile agent in response to instructions fromthe mobile agent.

[0128] After the host mobile agent handler completes or ends theoperations of the mobile agent's function, the host mobile agent handlermay attempt to relocate the mobile agent to another peer according tothe itinerary of the mobile agent. The itinerary may be an amendeditinerary. The host mobile agent handler may access the itinerary dataof the mobile agent to determine a next peer to which to send the mobileagent. The host mobile agent handler may access the itinerary datathrough a service or interface of the mobile agent. In one embodiment,the host mobile agent handler may invoke a function of the mobile agentthat returns data corresponding to the next peer the mobile agent isconfigured to visit.

[0129] The host mobile agent handler or peer may attempt to contact thenext peer to which to send the mobile agent, as indicated at 1605. Thehost mobile agent handler may use an existing communication channel tothe next peer if available or may establish a connection if required.The host mobile agent handler may follow or use protocols of thepeer-to-peer network to establish a peer-to-peer connection with thenext node. In one embodiment, the host mobile agent handler establishesa pipe to the next peer. If a first contact attempt is not successful,for example if the next peer is not responding, the host mobile agenthandler may repeat its attempts. As indicated at 1606, if a host mobileagent handler cannot contact the next peer, the host mobile agenthandler may interact with the mobile agent and select another peer asthe next peer for the mobile agent. The host mobile agent handler mayupdate the data included in the mobile agent, as indicated at 1604. Forexample, the host mobile agent handler may amend the mobile agent and/ornotify the mobile agent to indicate the failure to reach the next peer.The host mobile agent handler may also interact with the mobile agent asdescribed above to determine another next peer, as indicated at 1605.

[0130] Upon successfully connecting with a next peer for the mobileagent to visit according to the configuration of the mobile agent and/orthe host peer, the host mobile agent handler may send the mobile agentto the next peer, as indicated at 1607. The mobile agent may be sentover a communication channel opened or created when contacting the nextpeer. A peer that hosted a mobile agent may close communication channelsor pipes that were opened or used by the mobile agent. In oneembodiment, a next peer may be determined before or while the operationsof the mobile agent proceed.

[0131]FIG. 41 illustrates the operation of a mobile agent according toone embodiment. A mobile agent handler in a peer-to-peer network maycreate the mobile agent. The mobile agent may include data identifyingits initiating peer in the peer-to-peer network, for example a peeridentifier of the exemplary peer-to-peer platform described below. Inone embodiment, a mobile agent may be configured as described in FIG.37. In one embodiment, a mobile agent handler, an application, aprogram, software, and/or hardware of a peer may be configured togenerate the mobile agent for operating in a peer-to-peer network aspart of or through a peer-to-peer platform implemented on the peer, suchas the exemplary peer-to-peer platform described below. The mobile agentmay be configured to gather data from peers and/or perform variousoperations in the peer-to-peer network.

[0132] A mobile agent may be launched to another peer in the network, asindicated at 1701. An itinerary of the mobile agent may include datacorresponding to its destination in the network. The initiating mobileagent handler may set-up the parameters for communication, format themobile agent for sending to the next peer, and launch the mobile agent.The mobile agent may be transmitted between the initiating peer and thenext peer. In one embodiment, as parts of the mobile agent aregenerated, the initiating peer may send them to the next peer before orwhile other parts may be generated. In one embodiment, rather thanhandle the details of launching a mobile agent directly, the initiatingpeer or mobile agent handler may configure the mobile agent to handleits launch and navigation of the network according to its itinerary andenable the mobile agent to operate according to that configuration. Forexample, the initiating peer may act as a host peer for the mobileagent. For example, its mobile agent handler may activate the mobileagent as an application with access to resources of the initiating peersuch as a network connection. The mobile agent may then determine a nextpeer to visit, arrange for a communication channel to that next peer,and then be launched to the next peer using the communication channel.An initiating peer that enables a mobile agent to operate or execute maybehave toward the mobile agent as a host peer. The mobile agent may beconfigured to use a pipe as the communication channel and may operatethrough the peer-to-peer platform implemented on the initiating peer.

[0133] In one embodiment, a duplicate of the mobile agent is transmittedfrom the initiating peer to the next peer. The copy on the initiatingpeer may be deleted after the mobile agent is launched, for exampleafter receiving confirmation of the transmission from the next peer. Theexecution state of the mobile agent, for example the data in the heap,stack, and other data structures may be reflected in the mobile agent astransmitted to the next peer to enable the next peer to host the mobileagent to properly execute the mobile agent. For example, a new host forthe mobile agent may configure a memory space for the mobile agent withthe settings and data that the mobile agent had on its last host beforelaunching, so that the mobile agent may pick up execution where it wasleft off. In one embodiment, a mobile agent may put its internal data ina state enabling it to restart computation from scratch at a new hostpeer. For example, the mobile agent may perform updates to its itineraryand other data structures so that when the mobile agent is next executedit need not be aware of previous operations on other hosts; a host peermay execute the mobile agent as a new program.

[0134] In one embodiment, the mobile agent launches to a next peer, asindicated at 1701, through a designated pipe of the peer-to-peer networkthat has the next peer as its end-point. The pipe end-point may bemonitored on the next peer, for example by a mobile agent handler, adaemon or other program configured to handle data received through thepipe. An initiating peer may create a pipe in the network to the nextpeer to form a peer-to-peer connection over which to launch the mobileagent. In one embodiment, the mobile agent may be routed through one ormore nodes of the network forming parts of the pipe before reaching thenext peer. For example, the initiating peer may implement a peer-to-peerplatform that is configured to provide a protocol for establishing apeer-to-peer connection to another node in the network implementing asimilar peer-to-peer platform. The protocol may establish acommunication channel to enable peer-to-peer interaction between theinitiating peer and the next peer. The communication channel may involveone or more connections and nodes in the network, so that the mobileagent may travel through one or more network nodes between itsinitiating peer and the next peer on its itinerary.

[0135] After reaching the next peer, the mobile agent may access itshost mobile agent handler or peer, as indicated at 1702. For example,the mobile agent may obtain access to resources on the host peer such asmemory, network resources, and/or processor time for the mobile agent toperform its functions. In one embodiment, the mobile agent may beconfigured to request resources of its host peer. Accessing the hostpeer may involve housekeeping functions such as allocating memory,declaring methods, and/or establishing an interface with other elementsof the host peer. The mobile agent may be configured to provide the hostpeer information regarding services the mobile agent may provide. Forexample, the mobile agent may provide data indicating interfaces of themobile agent according to a peer-to-peer protocol. The host peer mayinteract with the mobile agent by invoking functions of the mobile agentthrough the interface as indicated by the mobile agent. In oneembodiment, the mobile agent may be formatted so that a host mobileagent handler may recognize the data and services that a mobile agentmay provide. For example, a mobile agent may use HTML or XML tags toindicate data and provide information about its interface and theservices the mobile agent may provide. In one embodiment, interactionsbetween a host mobile agent handler and a mobile agent are performedaccording to a common peer-to-peer protocol. In one embodiment, the hostpeer may operate with the mobile agent through a peer-to-peer platformimplemented on the host peer and providing peer-to-peer protocolscompatible with the configuration of the mobile agent received.

[0136] In one embodiment, a mobile agent handler receiving a mobileagent may deny access to the received mobile agent, ensuring that thepeer will not function as a host. For example, security reasons orincompatible configurations or parameters may prompt the receiving peerto not host the mobile agent received. The receiving mobile agenthandler may instead relocate the mobile agent, for example as describedabove for FIG. 40. Relocation may be invisible to the mobile agent, asthe receiving peer may change the mobile agent in such a way that themobile agent may continue to operate after being relocated withoutdisruption and/or may not otherwise interact with the mobile agent. Forexample, the receiving mobile agent handler may attempt to determinefrom the itinerary of the mobile agent some other peer to which themobile agent might be sent. The receiving mobile agent handler may amendthe mobile agent to configure it to expect to operate on the other peer.The receiving mobile agent handler may then launch the mobile agent tothe other peer.

[0137] In one embodiment, the receiving mobile agent handler may returna mobile agent to its initiating peer or to the peer that sent themobile agent to the receiving peer. In one embodiment, a receivingmobile agent handler may terminate or delete a mobile agent. If areceiving mobile agent handler terminates a mobile agent, the peer thatcreated the mobile agent may be notified that its mobile agent wasterminated. Deleting a mobile agent may be performed if a mobile agenthandler that receives or hosts a mobile agent determines that the mobileagent may be a threat to its peer, network, other nodes, or otherresources. For example, the mobile agent handler may detect that themobile agent is infected with a virus or other code that may cause someunexpected or undesirable event. In one embodiment, a receiving mobileagent handler may attempt to correct or clean a mobile agent from itserrors or viruses. In one embodiment, a mobile agent may include data ormay be configured to provide data to a peer so that the peer maydetermine whether to host the mobile agent. For example, the mobileagent may include data certifying its authenticity, its integrity,and/or its origin. A host mobile agent handler may access one or morenetwork resources to check the validity of such data or rely on keys,algorithms, encryption, or other security tools that may be implementedas part of its peer-to-peer platform.

[0138] The mobile agent may determine whether the peer hosting themobile agent is the peer that initiated the mobile agent, as indicatedat 1703. If the host peer is not the initiating peer, the mobile agentmay perform one or more functions as indicated at 1704. For example, themobile agent may provide some service on or gather data from the hostpeer. The mobile agent may interact with the host peer as part ofperforming its functions. In one embodiment, the mobile agent may use oraccess resources of the host peer such as data regarding thepeer-to-peer network. The host peer may provide services for the mobileagent to access local data. For example, the host peer may providefunctions for data search. Host services may be advertised according topeer-to-peer protocols and accessible by the mobile agent according topeer-to-peer protocols.

[0139] The mobile agent may update its internal data, as indicated at1705, using information obtained from the host peer or from itsoperations on the host peer. In one embodiment, the mobile agent mayaccess data on the host corresponding to peers, services, data, or otherresources in the peer-to-peer network. The mobile agent may update itsitinerary to indicate that it visited its current host, what operationswhere performed, and/or results obtained. In one embodiment, a mobileagent may wait until it reaches the next peer to update its itinerary toindicate that it visited the previous peer. After indicating that itvisited a peer, a mobile agent's itinerary may ensure that the mobileagent does not visit that peer again.

[0140] In one embodiment, the mobile agent may be configured to amendits itinerary to include additional peers to visit. For example, amobile agent may be launched to discover or test the status of peers ina peer-to-peer network with an itinerary including data for a number ofpeers known to the initiating peer. Upon reaching one of the peers onits itinerary, the mobile agent may access data indicating other peersin the network that were not included originally on its itinerary. Inone embodiment, the mobile agent may amend its itinerary data to includethese other peers. The mobile agent may be configured to look forinformation indicating previously unknown peers or other resources. Themobile agent may add to its itinerary some of the peers it discovers butnot others, according to parameters established by its initiating peerin its configuration. For example, the mobile agent may have beencreated to discover certain types of peers for the initiating peer, suchas peers that have certain data, provide certain services, have certainconnections, or have some other property or combination of properties inthe peer-to-peer network.

[0141] In one embodiment, a mobile agent may share its internal datawith its host. A mobile agent may send some of its internal data to itshost mobile agent handler, peer, programs, hardware, or other element ofthe host peer. A host may request data from a mobile agent according toa peer-to-peer protocol. In one embodiment, the host mobile agenthandler may access data from the mobile agent it is hosting. The hostmay parse the mobile agent searching for tags, keywords, or otherindicator according to a standard protocol that describe the data storedin mobile agent.

[0142] After completing its operations on its current host, a mobileagent may attempt to contact another peer to which it may relocateselected according to its itinerary, as indicated at 1706. The mobileagent may access its itinerary data to determine which peer it shouldnext visit. The mobile agent may be configured to perform one or moreattempts to establish a peer-to-peer connection, such as a pipe, to thenext peer. In one embodiment, the mobile agent may access its host todetermine if a communication channel between its host and next peer tovisit already exists and may use that connection if possible. In oneembodiment, the mobile agent may request a suitable connection to itsnext peer from its host peer using a protocol of the peer-to-peerplatform implemented by its host.

[0143] Depending on whether contact can be established to the next peerthe mobile agent is configured to visit, as indicated at 1707, themobile agent may launch to the next peer and continue operating fromthere, as indicated at 1702, or may note that it could not contact thatpeer and select another next peer to visit, as indicated at 1705. Themobile agent may repeat 1701-1707 until the mobile agent reaches itsinitiating peer, as indicated at 1703. Upon reaching its initiatingpeer, the mobile agent may include payload data for the initiating peer.In one embodiment, the mobile agent may return payload data bytransmitting the payload data from a host peer to the initiating peer.The mobile agent may be prompted to return its payload data by theexpiration of a clock, a timer, or a host peer, even if its host peer isnot its initiating peer.

[0144] Peer Group Presence Detection

[0145] Embodiments of a mobile agent may be configured to travel in apeer group along an itinerary to determine the status of the peers inthe peer group. For example, the mobile agent function may be configuredto record as the mobile agent payload the list of peers successfullyvisited. The function may be configured to update the list at each peerit reaches. In one embodiment, a mobile agent may update its payloadafter determining that it may travel to another peer and before reachingthat peer. In one embodiment, if a mobile agent cannot reach a peerindicated by its itinerary, the mobile agent may record this status orignore that peer and then proceed to attempting to reach another peer onits itinerary.

[0146] In one embodiment, a mobile agent may be launched by aninitiating peer in a peer group (e.g. at varying or periodic intervals)to attempt to visit each member peer in a peer group. The itinerary ofthe mobile agent may include information for accessing each member peerof the peer group (e.g. an advertisement for a mobile agent input pipefor each of the member peers). The mobile agent may return to itsinitiating peer with a payload indicating which of the member peers itwas successful in contacting and visiting (or alternatively indicatingwhich of the member peers it was unsuccessful in contacting andvisiting).

[0147]FIG. 42 illustrates a member peer in a peer group using a mobileagent to detect peer group member presence according to one embodiment.In one embodiment, the peer group may be implemented in a peer-to-peernetwork implemented according to the exemplary peer-to-peer platform asdescribed below. In this embodiment, each peer 200 in peer group 210 mayadvertise an input pipe for receiving incoming mobile agents, e.g. whena particular module (e.g. service, application, etc.) is active. In thisexample, peers 200A, 200B, and 200D are members of peer group 210, andpeers 200C and 200E are not member peers. Peer 200A may, if desired,generate and launch a mobile agent 1400 to detect peer group memberpresence. The mobile agent may include an itinerary of advertised pipesfor member peers. The mobile agent 1400 may travel to each member peerin its itinerary, and return to the originating peer 200A when done. Thepeer 200A may then access the mobile agent's payload to determinecurrent peer group presence at the time of the mobile agent's visit(s).In one embodiment, mobile agents 1400 may be used by modules (e.g.services, applications, etc.) to detect peer group presence of otherinstances of the module in the peer group.

[0148] As an example, an information management (IM) application maycreate an input pipe with a name formatted according to:

<user handle>.agentDaemon.IMapp

[0149] For example:

UserName.agentDaemon.IMapp

[0150] Note that the name format and example are exemplary and are notintended to be limiting. The name may then be advertised in a pipeadvertisement along with a unique identifier (e.g. a URN or UUID asdescribed below for the exemplary peer-to-peer platform).

[0151] If:

UserName(i), i=1 . . . n

[0152] were then in a given peer group, p, such as peer group 210 ofFIG. 42, each such member may use the peer-to-peer platform pipediscovery protocol to find as many of these advertisements as possible,and may add to this list other usernames that the member may haveacquired by other methods (e.g. received in other advertisements), thusgiving each such peer group member a “buddy list” (note that the buddylist does not necessarily include all of the members of the peer group):

UserName(k), k=1 . . . m

[0153] Each member peer running the IM application may then, whendesired, launch a mobile agent on the peer-to-peer network with the“buddy list” of pipe names as an itinerary, along with the associateddaemon pipe name of the originating peer so that the mobile agent mayreturn to the originating peer after attempting to visit the owner ofeach advertised pipe. In one embodiment, the mobile agent may belaunched periodically.

[0154] In one embodiment, the mobile agent may include a “presencetemplate” constructed at the originating member peer that may includeone or more of, but is not limited to, the following elements:

[0155] Home—the originating peer's application daemon pipe name.

[0156] Unique identifier—Identifier used by the daemon as a launchidentifier.

[0157] Time-to-live—Indicates how long to wait before abandoning aparticular pipe on the itinerary.

[0158] To—The immediate destination peer's daemon pipe name.

[0159] Itinerary—The remaining list of daemon pipe names to visit.

[0160] Return payload—Application-dependent return data.

[0161] Class—A class (e.g. Java class) that may be executed on eachpeer.

[0162] Parameters—May be passed to a Class at execution time.

[0163] Signature—Used to guarantee a Class's integrity (e.g. a subset ofan X509.V3 certificate).

[0164] For the presence mobile agent, the return payload may be a listof peers successfully visited. Mobile agents for other tasks may haveother payloads.

[0165] When a presence mobile agent arrives at a peer on its itinerary,the peer may update the return payload, and then may attempt to contacta next peer on the itinerary. In one embodiment, the peer may acquirethe pipe advertisement from the itinerary (or alternatively acquire thepipe advertisement from elsewhere using information in the itinerary).If the pipe advertisement is acquired, the peer may attempt to open theadvertised pipe. If successfully opened, the peer may attempt to send amessage with appropriately updated “To”, “Itinerary”, and “Returnpayload” fields to the input pipe specified by the advertisement. If theabove is successful, the mobile agent arrives at the next itinerary hop.If failure occurs at any point, then the next “hop” on the itinerary maybe selected and the above repeated until the mobile agent successfullyreaches a “hop” on the itinerary or is returned to the originating peerif no “hops” are reached. When the mobile agent returns to theoriginating peer, the active “buddy list” may be made current using thepayload of the mobile agent.

[0166]FIG. 43 is a flowchart illustrating detecting presence in a peergroup using a mobile agent according to one embodiment. As indicated at1790, an initiating peer node launches a mobile agent including anitinerary of a group of peer nodes to be visited. In one embodiment, theitinerary may be generated from presence information indicating memberpeer nodes that may be present in the group. The initiating peer nodeand the peer nodes indicated by the itinerary are member peer nodes inthe group of peer nodes in a peer-to-peer network. To launch the mobileagent, the initiating peer node may send the mobile agent to a firstpeer node indicated by the itinerary. In one embodiment, the initiatingpeer node may determine a first peer node on the itinerary that isavailable to receive the mobile agent.

[0167] As indicated at 1792, the mobile agent collects indications ofpresence in the group of peer nodes indicated by the itinerary. Tocollect the indications of presence, the mobile agent may visit one ormore of the plurality of peer nodes indicated by the itinerary. A peernode indicated by the itinerary and available to receive the mobileagent may receive the mobile agent from a previous peer node (either theinitiating peer node or one of the peer nodes on the itinerary). In oneembodiment, on a visited peer node, an indication that the peer node hasbeen visited by the mobile agent may be stored in a payload of themobile agent. The visited peer node may then send the mobile agent to anext peer node indicated by the itinerary. In one embodiment, the peernode may select a next peer node indicated by the itinerary as a targetpeer node. The peer node may determine if the target peer node isavailable to receive the mobile agent. If the target peer node is notavailable to receive the mobile agent, the peer node may select asubsequent (unvisited) peer node as the target peer node and determineif the target peer node is available to receive the mobile agent. In oneembodiment, this process may continue until either a target peer node isfound that is available to receive the mobile agent or until theitinerary is exhausted (i.e. there are no more unvisited peer nodes thatare available to receive the mobile agent on the itinerary).

[0168] If a target peer node is found that is available to receive themobile agent, the peer node may send the mobile agent to the target peernode. If the itinerary is exhausted before finding an available targetpeer node, the peer node may return the mobile agent to the initiatingpeer node. In one embodiment, the mobile agent may include contactinformation for returning the mobile agent to the initiating peer node.Thus, the mobile agent may continue visiting available peer nodes on theitinerary until the itinerary is completed. At each successfully visitedpeer node, an indication that the mobile agent has visited the peer nodemay be stored in the mobile agent to indicate the visited peer node ispresent in the peer group. When the mobile agent returns to theinitiating peer node, the mobile agent provides the presence indicationsof the one or more visited peer nodes on the itinerary that weresuccessfully visited to the initiating peer node

[0169] As indicated at 1794, the initiating peer node may then updatethe presence information indicating presence of member peer nodes in thegroup in accordance with the indications provided by the mobile agent.In one embodiment, the initiating peer node may indicate in the presenceinformation that one or more of the plurality of peer nodes not visitedby the mobile agent are not present in the group of peer nodes. In oneembodiment, the initiating peer node may remove from the presenceinformation indications that one or more of the plurality of peer nodesnot visited by the mobile agent are present in the group of peer nodes.

[0170] In one embodiment, the initiating peer node may subsequentlylaunch the mobile agent with an itinerary indicating member peer nodesindicated as present in the peer group as indicated by the updatedpresence information. In one embodiment, other member peer nodes maylaunch mobile agents with itineraries indicating other member peers inthe peer group to update presence detection on the other member peernodes. In one embodiment, the initiating peer node may provide thepresence information to other member peer nodes in the group. In oneembodiment, the initiating peer node may launch mobile agents includingitineraries of member peer nodes in other groups of peers in which theinitiating peer node is a member to update presence information for theother peer groups.

[0171] In one embodiment, the peer nodes in the peer-to-peer network maybe configured to implement a peer-to-peer environment according to apeer-to-peer platform such as the exemplary peer-to-peer platformdescribed below which includes one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, join peer groups, and send and receivemobile agents in the peer-to-peer environment. In one embodiment, pipesimplemented according to the peer-to-peer platform may be used to sendthe mobile agent between peer nodes on the itinerary.

[0172] Collaborative Content Control

[0173] Version control may be a concern when performing collaborativecontent sharing in a peer-to-peer environment such as a peer-to-peerenvironment implemented according to the exemplary peer-to-peer platformdescribed below. For example, if a peer group is formed to docollaborative content writing, and its members are sharing and editingone or more of these documents, a mechanism may be desired or requiredto guarantee that edits are applied to most recent version of thesedocuments. Embodiments of the system and method for implementing mobileagents in the peer-to-peer environment may be configured to performversion control for collaborative content sharing among groups of peersin peer-to-peer networks.

[0174] In one embodiment, when a group of n peers is formed that maydesire or require collaborative content sharing, each member peer in thegroup may generate a communications channel (e.g. input pipe asdescribed for the exemplary peer-to-peer platform) to receive incomingmobile agents. Each mobile agent may have as an itinerary an identifieror other indicator for the communications channels (e.g. input pipes) ofthe other members of the peer group. In one embodiment, n may bevariable, as peers may join and leave the group dynamically. In oneembodiment implemented according to the exemplary peer-to-peer platform,the value of n may be determined by the peer-to-peer platform pipediscovery protocol.

[0175] Given the itinerary, one or more of the peer group members maylaunch mobile agents to resolve version conflicts of a given set ofdocuments d(i), i=1 . . . k. In one embodiment, the document names maybe included in a mobile agent. In one embodiment, the document names maybe part of a mobile agent payload. In one embodiment, a mobile agent mayalso include a function to perform conflict resolution at each peer thatit visits. In one embodiment, the function may be a Java class. In oneembodiment, the Java class may be a certified Java class.

[0176] In one embodiment, the mobile agent may collect versioninformation from each visited peer for each document and return to theinitiating peer. Upon returning to the initiating peer, the mobile agentmay include a list of visited peers and document versions on the visitedpeers. In one embodiment, the mobile agent may also include content sizeof the documents. In one embodiment, the documents may be ranked, forexample from most recent to least recent versions.

[0177] In one embodiment, the mobile agent may return the actualdocument(s) with the highest (latest) version. Alternatively, areference to the document(s) with the highest (latest) version may bereturned. In one embodiment, a document reference may include anidentifier (e.g. a URI, URN, or UUID) for the document and acommunications channel (e.g. pipe) identifier for accessing thedocument. In one embodiment, the document identifier may beapplication-dependent. The initiating peer may then acquire a highest(latest) version of the document if desired. Returning a referencerather than the actual document may help decrease bandwidth usage, as apeer may acquire the document only if desired or necessary.

[0178] In one embodiment, documents may be write locked to permit memberpeers in the group of peers to become coherent before a collaborativeediting session begins. In one embodiment, a mobile agent to performversion control for peer groups using collaborative context sharing maybe launched before, during, and/or after an editing session as long aswrite locking is performed during the session. In one embodiment, mobileagents may be used to gather and return active document informationincluding document names during an editing session. One embodiment mayinclude a user interface for presenting gathered document information.

[0179] In one embodiment, visited peers may use the accumulated payloadto determine if their version of the document(s) are up to date and, ifnot, may add a version update request to the payload. Upon receiving thefinal payload, the initiating peer may send the most recent versioninformation to peers that added version update requests to the payload.

[0180]FIG. 44 is a flowchart illustrating collaborative content controlin a peer group using a mobile agent according to one embodiment. Asindicated at 1800, an initiating peer node may launch a mobile agentincluding an itinerary of a group of peer nodes to be visited andindications of one or more documents that the group of peer nodes arecollaboratively editing in an editing session. In one embodiment, tolaunch a mobile agent, the initiating peer node may send the mobileagent to a first peer node indicated by the itinerary.

[0181] As indicated at 1802, the mobile agent may visit one or more ofthe subset of the plurality of peer nodes indicated by the itinerary tocollect version information for the one or more documents on the one ormore visited peer nodes. In one embodiment, the version information mayinclude indications of versions for each of the one or more documents onthe peer nodes indicated by the itinerary and indications of thecorresponding peer nodes including the indicated versions. In oneembodiment, the indications of versions and the correspondingindications of peer nodes may be stored in the mobile agent in one ormore lists each sorted from a most recent to a least recent version ofthe corresponding document. In one embodiment, the version informationmay include size information for each version of each of the one or moredocuments. In another embodiment, the most recent version of each of theone or more documents may be included in the mobile agent. In oneembodiment, the mobile agent may store the collected version informationin a payload of the mobile agent. To provide the version information tothe initiating peer node, the mobile agent may return to the initiatingpeer node with the payload after visiting the one or more of the subsetof the plurality of peer nodes indicated by the itinerary.

[0182] In one embodiment, the version information may include areference to the most recent version of each of the one or moredocuments. A reference may be used for accessing the correspondingdocument on the peer-to-peer network. In one embodiment, the referencemay include a Uniform Resource Indicator (URI), such as the URIsdescribed for the exemplary peer-to-peer platform described below,corresponding to the document. In one embodiment, the reference mayinclude a communications channel identifier such as the pipe identifiersdescribed for the exemplary peer-to-peer platform described below. Inone embodiment, the reference may include an advertisement such as thepipe advertisements described for the exemplary peer-to-peer platformdescribed below.

[0183] In one embodiment, each visited peer node may receive the mobileagent from a previous peer node. The version information for versions ofthe one or more documents on the peer node may be stored in a payload ofthe mobile agent. The peer node may then send the mobile agent to a nextpeer node. In one embodiment, to send the mobile agent to a next peernode, the peer node may determine if the mobile agent has completed theitinerary. If the mobile agent has not completed the itinerary, the peernode may send the mobile agent to a next peer node indicated by theitinerary. If the mobile agent has completed the itinerary, the peernode may return the mobile agent to the initiating peer node.

[0184] As indicated at 1804, after receiving the version informationcollected by the mobile agent, the initiating peer node may coordinateeach of the one or more documents on the group of peer nodes to a mostrecent version in accordance with the version information provided bythe mobile agent. In one embodiment, to coordinate each of the one ormore documents, the initiating peer node may first lock the one or moredocuments to limit access to the documents during coordination. In oneembodiment, to coordinate each of the one or more documents, theinitiating peer node may provide the most recent version of each of theone or more documents to one or more other peer nodes in the group ofpeer nodes. In another embodiment, to coordinate each of the one or moredocuments, the initiating peer node may provide access information forobtaining the most recent version of each of the one or more documentsto one or more other peer nodes in the group of peer nodes.

[0185] In one embodiment, the initiating peer node may coordinate eachof the one or more documents on the group of peer nodes to the mostrecent version prior to, during, and/or after an editing session on thedocument. To coordinate the documents during an editing session, thedocuments may be locked to limit access to the documents duringcoordination.

[0186] In one embodiment, the peer nodes in the peer-to-peer network maybe configured to implement a peer-to-peer environment according to apeer-to-peer platform such as the exemplary peer-to-peer platformdescribed below which includes one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, join peer groups, share content includingcollaboratively edited documents, and send and receive mobile agents inthe peer-to-peer environment. In one embodiment, pipes implementedaccording to the peer-to-peer platform may be used to send the mobileagent between peer nodes on the itinerary.

[0187]FIG. 45 illustrates a host peer operating in response to a mobileagent configured to perform version control according to one embodiment.The mobile agent may travel through the network according to itsitinerary while collecting version information from peers concerning oneor more documents stored or accessible by the peers. In one embodiment,the mobile agent may collect other information, such as file sizes,creation dates, peers that originated the documents, and other similarproperties of data files. File information may be stored with each file.In one embodiment, a peer may store file information with each localfile or may generate the information in response to a request from amobile agent.

[0188] A peer may receive and determine whether to host a mobile agent,as indicated at 1810-11. The mobile agent hosted may then direct thepeer node to obtain version information concerning one or more datafiles accessible by the peer node. In one embodiment, the peer node maysearch for accessible data files and select relevant data files, asindicated at 1812. The search for accessible data files may involve allfiles stored locally by the peer node or may be limited. For example,some local files may not be accessible or visible to the peer-to-peerenvironment for security purposes, or according to user configurationsor other configuration. The mobile agent may include data indicatingaccessible data files of interest for selection. In one embodiment, themobile agent may include one or more identifiers such as a file name, ahandle, and/or other identifier. The peer node may then select matchingdata files found by the search according to the identifier(s). Forexample, the mobile agent may include data indicating interest in fileswith a particular name extension, such as “sxi”, “doc” or “txt.” Thepeer node may then select the files found that match criteria indicatedby the mobile agent. In some circumstances, a peer node may not find anyrelevant data files, and may indicate this to the mobile agent.

[0189] To prevent modifications that would reduce the usefulness ofinformation collected about selected data files, in one embodiment apeer node may write lock the selected data files, as indicated at 1813.A write lock may involve accessing a property setting of a data file,for example configuring a read/write data file as read only. Versioninformation may then be gathered about the selected data files, asindicated at 1814. In one embodiment, a write lock is not performed. Inthis embodiment, as the file may be modified, the version informationcollected may not always be accurate. In one embodiment, a write lockmay also be released and files changed after information is collected.

[0190] The version information collected may then be stored as part ofthe mobile agent payload, as indicated at 1815. In one embodiment, theversion information may be stored with version information alreadystored in the payload. For example, the mobile agent payload may form adatabase and collected version information may be added to the database.The data may be ordered according to one or more of size, date, versionor revision number, or other property or combination of properties. Theinformation may include data enabling a peer to retrieve a data filefrom another peer.

[0191] In one embodiment, the payload may include actual data files. Thepeer node hosting the mobile agent may add data files to the payloadand/or may replace files in the payload with files found locally. Forexample, the mobile agent may be configured to search for the latestversion of a particular data file and the payload may include an olderversion of that file if found locally. The peer node may thereforereplace the file in the payload with a copy of the local file withcorresponding version information. In one embodiment, the mobile agentmay prompt its host peer to send the version information or the actualfiles to its home peer node directly to reduce bandwidth use and/or toprovide for failure management. As the data collected, whether files orversion information, may be large, accumulating the data in the mobileagent may result in a significant consumption of resources in bandwidthand storage. Moreover, if the mobile agent fails or is otherwiseterminated, the home peer may have received at least some data and maybe able to determine which peer nodes the mobile agent visited. The homepeer may then use a similar mobile agent with an itinerary configured tocontinue the work of the previous mobile agent. In another embodiment, amobile agent may be configured to return to its home peer under certainconditions so that it may return results in smaller amounts, for exampleif and when the mobile agent reaches a size limit or visits a particularnumber of peer nodes.

[0192] The peer node may use the itinerary to determine a next peer towhich the mobile agent is to be sent, and may send the mobile agent tothat next peer, as indicated at 1817 and 1819. The home peer node of themobile agent may receive the version information collected from one ormore peers. The data may be analyzed to determine which peer stores themost up-to-date version of a data file and the home peer may thencommunicate with that peer to obtain a copy of the data file. In oneembodiment, the home peer may notify one or more other peers of the peerstoring the latest version, and the peer nodes may synchronize byupdating corresponding data files to the latest version. In oneembodiment, the home peer may send peers a copy of the latest version. Ahome peer node may use the results from the mobile agent for otherpurposes, such as cataloging files or finding backups and previousversions.

[0193] In one embodiment, peers storing files with the same or differentversions with version control may form a peer group. The membership ofthe peer group may be changed, or another peer group may be formed, inresponse to the results from the mobile agent. Mobile agent itinerariesmay be limited to visit members of one or more peer groups to makeoperations more efficient.

[0194] Digital Rights Management

[0195] Peer-to-peer platforms such as the exemplary peer-to-peerplatform described below may permit independent developers to writecontent distribution and/or sharing applications for copyright-sensitivedata such as music and video. Embodiments of the system and method forimplementing mobile agents in the peer-to-peer environment may beconfigured to provide digital rights management on peers in peer-to-peernetworks. Embodiments may allow vendors or others to create and usevendor-certified mobile agents for performing digital rights managementin peer-to-peer networks. These embodiments may, for example, helpcombat copyright theft to permit legal distribution and sharing ofcopyrighted material in peer-to-peer networks.

[0196] In one embodiment, a mobile agent may include or specify afunction to be performed on visited peers. In one embodiment, thefunction may be an executable Java class. In one embodiment, the Javaclass may be a certified (signed) Java class. Using certified Javaclasses may help prevent fraudulent mobile agents from masquerading asvendor-certified digital rights management mobile agents.

[0197] In one embodiment, a distributor of copyright-sensitive contentfor sale may distribute this content to a subscriber peer group (e.g. apeer group implemented according to the exemplary peer-to-peer platformdescribed below) running a content sharing network module (e.g.application, service, etc.), for example, a module as described for theexemplary peer-to-peer platform. In one embodiment, each member of thepeer group that runs this module may include a mobile agent listeningservice, and may advertise the mobile agent listening service. In oneembodiment, the mobile agent listening service may be advertised with acommunications channel (e.g. pipe) advertisement such as a pipeadvertisement of the exemplary peer-to-peer platform described below.The distributor may discover or be informed of all such advertisedmobile agent listening services. In one embodiment, the distributor maybe made aware of all such advertisements via a discovery protocol suchas the discovery protocol described for the exemplary peer-to-peerplatform.

[0198] Given a set of n subscribers, each of which may be capable ofsharing purchased copyright material among other subscribers in the set,a content distributor may launch digital rights management mobile agentswith one or more of the n subscribers on their itineraries. In oneembodiment, the itineraries may include communications channel (e.g.pipe) identifiers or other information for identifying and communicatingthe subscriber peers on the itineraries. These digital rights managementmobile agents may visit as many subscriber peers on their itineraries aspossible (e.g. those peers that are available when the mobile agentattempts to visit). The function included in or specified by the mobileagent may examine each visited peer's system, searching for copyrightedmaterial that the peer has either purchased or acquired from anotherpeer. The mobile agent may return to the content distributor with thisinformation for analysis after completing its itinerary traversal.Digital rights management mobile agents may be used by the contentdistributor in detecting and minimizing theft of copyrighted material inthe peer-to-peer supported marketplace.

[0199] In one embodiment, when a content distribution module (e.g.application, service, etc.) is downloaded by a peer, the module mayinclude one or more of a root certificate of the content distributor, aroot certificate of an affiliate of the content distributor, and/or aroot certificate of a certificate authority that has signed either thedistributor's or an affiliate's service certificate. The contentdistribution module may then be able to verify the signature of apayload of certified digital rights management mobile agents when such amobile agent visits the peer. If the root certificate was created by thedistributor or its affiliate, in one embodiment the certificate mayinclude the public key of the public/private key pair associated withthe certificate and an algorithm used for signing the payload (e.g.SHA-1 with RSA). If the certificate is a certificate authority rootcertificate, the service certificate may arrive as part of the digitalrights management mobile agent's payload, and may be signed by thecertificate authority. The service certificate may include theappropriate public key used to verify the signature of the payload.

[0200] Upon arrival at a peer, a digital rights management mobile agentmay be verified as certified by validating its signature. If certified,the digital rights management mobile agent may be permitted to run thefunction it includes or indicates to search for copyrighted material ofthe distributor associated with the digital rights management mobileagent on the peer.

[0201]FIG. 46 is a flowchart illustrating using a mobile agent to detectunauthorized copies of content according to one embodiment. As indicatedat 1820, an initiating peer node may launch a mobile agent including anitinerary of a group of peer nodes configured to receive and sharecontent from a distributor. In one embodiment, to launch a mobile agent,the initiating peer node may send the mobile agent to a first peer nodeindicated by the itinerary.

[0202] As indicated at 1822, the mobile agent may visit one or more ofthe subset of the plurality of peer nodes indicated by the itinerary tocollect information on distributor content stored on the visited peernodes. In one embodiment, to collect information on distributor contentstored on the one or more visited peer nodes, the mobile agent maysearch content on each visited peer node to locate distributor contenton the peer node. In one embodiment, the information on distributorcontent located on the visited peer node may be stored in a payload ofthe mobile agent. In one embodiment, to provide the information on thedistributor content to the initiating peer node, the mobile agent mayreturn the payload to the initiating peer node after visiting the one ormore of the subset of the plurality of peer nodes indicated by theitinerary.

[0203] In one embodiment, each visited peer node may receive the mobileagent from a previous peer node. Information on distributor contentstored on the peer node may be stored in a payload of the mobile agent.The peer node may then send the mobile agent to a next peer node. In oneembodiment, to send the mobile agent to a next peer node, the peer nodemay determine if the mobile agent has completed the itinerary. If themobile agent has not completed the itinerary, the peer node may send themobile agent to a next peer node indicated by the itinerary. If themobile agent has completed the itinerary, the peer node may return themobile agent to the initiating peer node.

[0204] In one embodiment, the mobile agent may include authenticationinformation. Each visited peer node may access the authenticationinformation to verify the mobile agent as authorized by the distributorto collect information on distributor content stored on the peer node.In one embodiment, the authentication information may include a signedcertificate.

[0205] As indicated at 1824, the initiating peer node may examine theinformation on the distributor content provided by the mobile agent todetect unauthorized copies of the distributor content. Embodiments of amobile agent may be used in different environments to detectunauthorized copies of different types of digital content that the user(i.e. distributor or agent of the distributor) desires to control thedistribution of. For example, a distributor may use one embodiment of amobile agent to detect unauthorized copies of copyrighted content.Copyrighted content may include digital audio, video, image, text,multimedia, or any other digital, copyrightable material, or acombination thereof. Embodiments of a mobile agent may be used to detectunauthorized content other than copyrighted material. For example, amobile agent may be used by an distributed (e.g. enterprise orindividual) to detect unauthorized copies of sensitive, private, secure,and/or any other type of content that the enterprise desires to controlthe distribution of. An enterprise may be any public or privateinstitution or organization, including, but not limited to, businesses,corporations, public and private schools, governments and governmentagencies, non-profit organizations, etc.

[0206] In one embodiment, the peer nodes in the peer-to-peer network maybe configured to implement a peer-to-peer environment according to apeer-to-peer platform such as the exemplary peer-to-peer platformdescribed below which includes one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, join peer groups, share content includingdistributor content, and send and receive mobile agents in thepeer-to-peer environment. In one embodiment, pipes implemented accordingto the peer-to-peer platform may be used to send the mobile agentbetween peer nodes on the itinerary.

[0207]FIG. 47 illustrates a host peer operating in response to a digitalrights management mobile agent according to one embodiment. The mobileagent may travel through the network according to its itinerary tosearch for copyrighted or other distributor material on one or morepeers. In one embodiment, the mobile agent may collect otherinformation, such as file property information (size, owner, etc).Copyright status and other information may be stored with each file. Forexample, a bit may be set in a file to indicate it is copyrightedmaterial, or some other mechanism may be used, such as watermarks.

[0208] A peer may receive and determine whether to host a mobile agent,as indicated at 1830 and 1831. A peer may condition its hosting adigital rights management mobile agent upon a valid identificationcertificate to reduce the risk of breaching security or privacy byfraudulent mobile agents. A peer-to-peer platform enabling its peer nodeto participate in the peer-to-peer network may enable mobile agents tooperate on the peer with varying levels of access depending on theircredentials. A peer-to-peer platform may enable a mobile agent to searchthrough its host system upon detecting a valid certificate. For example,the peer-to-peer platform may include content distribution applicationswith root certificates for the content distributor, one of itsaffiliates, or the root certificate of a certificate authority. Thecertificate authority may have signed the distributor or affiliate'scertificate. The content distribution application may then be able toverify the signature of the mobile agent received and thereby confirmthat a mobile agent is properly certified. One or more of variousalgorithms (e.g. Secure Hash Algorithm-1 (SHA-1) with RSA) may be usedfor signing mobile agents.

[0209] The mobile agent may also have its itinerary generated from alist of members of a peer group, a peer-to-peer network, or some othergroup of peer nodes. For example, the home peer node of the mobile agentmay be a distributor of copyright material with a subscription listindicating peer nodes to which copyrighted material has beendistributed. The itinerary may be formed from this or similarsubscription lists, as well as client or user lists. Peers configured toexchange or receive copyrighted material may form peer groups anditineraries may be generated to reflect the membership of one or more ofsuch peer groups. In one embodiment, nodes participating in these peergroups may implement a peer-to-peer platform that is configured tohandle digital rights management mobile agents.

[0210] The mobile agent may then direct the peer node to search for andcollect information about copyrighted material stored on the peer, asindicated at 1832. In one embodiment, the mobile agent may specify typesof data files, and the peer may select from the copyrighted files foundthose files that also match the criteria specified by the mobile agent,as indicated at 1833. For example, a mobile agent may be configured tocollect data regarding copyrighted files in an MP3 or movie format tolimit the amount of data. The data collected may be stored as part ofthe mobile agent payload, as indicated at 1834. In one embodiment, thedata may be stored with data already stored in the payload. For example,the mobile agent payload may include a database, and the new data may beadded to the database. In one embodiment, data in the database may beencrypted or otherwise secured to reduce the risk of breaches ofsecurity or privacy. In other embodiments, data from local peers may beencrypted or secured to reduce the possibility of third partiesaccessing that data from the mobile agent during transmission or atother nodes. The data may be ordered according to one or more propertiesof the copyrighted files, such as by alphabetical order, date, or otherproperty or combination of properties. The data may include dataenabling the home peer node of the mobile agent to determine a fileinvolved and the peer storing the file.

[0211] In one embodiment, the mobile agent may prompt its host peer tosend the data to its home peer node directly to reduce bandwidth useand/or provide for failure management. The data transmitted may beencrypted or otherwise secured to reduce the risk of breaches ofsecurity and/or privacy. As the data collected may be large,accumulating it in the mobile agent may result in a significantconsumption of resources in bandwidth and storage. Moreover, if themobile agent fails or is otherwise terminated, the home peer may havereceived at least some data and may be able to determine which peernodes the mobile agent visited. The home peer may then use a similarmobile agent with an itinerary configured to continue the work of theprevious mobile agent. In another embodiment, a mobile agent may beconfigured to return to its home peer under certain conditions so thatit may return results in smaller amounts, for example if and when themobile agent reaches a size limit or visits a particular number of peernodes.

[0212] The peer node may use the itinerary to determine a next peer towhich the mobile agent is to be sent, and may send the mobile agent tothat next peer, as indicated at 1836 and 1838. The home peer node of themobile agent may receive the data collected from one or more of thepeers indicated by the itinerary. In one embodiment, the home peer nodemay analyze the data gathered by the mobile agent to determine thestatus of the files found on the peer nodes the mobile agent visited. Ahome peer node may use the results from the mobile agent for otherpurposes, such as cataloguing files.

[0213] Evaluating Trust Using Mobile Agents

[0214] Embodiments of the system and method for implementing mobileagents in the peer-to-peer environment may be configured to gatherreputation information for peers in peer-to-peer networks, for examplereputation for content indexing. In these embodiments, a peer mayevaluate other peers' reputations as providers of codats based onrecommendations (trust evaluations) gathered by a mobile agent from apeer group for which content/keyword match is applicable. A keyword mayindicate an area of interest of the peer, and the peer may be a memberin a peer group with other peers that share the area of interest.Reputation information may be used in calculating trust in peers in thepeer group as providers of codats relevant to the area of interest.Reputation information may also be referred to as trust information ortrust evaluations. Mobile agents may be used in disseminating,calculating, and/or updating trust in peer-to-peer networks. In oneembodiment, peers in the peer-to-peer network may use a trust mechanismsuch as the exemplary decentralized, distributed trust mechanismdescribed below to calculate and/or evaluate trust in other peers usingreputation information gathered by mobile agents.

[0215] In one embodiment, communications channels (e.g. pipes asdescribed for the exemplary peer-to-peer platform described below) maybe used to gather content/keyword evaluations and to establish groups orsub-groups of peers for each keyword in which the initiating peer(s)indicate interest. In one embodiment, a collection of groups orsubgroups of peers may determine a topological minimum for furthermobile agent queries to limit the effect of such queries on networkbandwidth and overall search performance.

[0216] In one embodiment, a mobile agent's itinerary may initially be anentire peer group. The mobile agent may be launched by an initiatingpeer (e.g. sent to a first peer on the itinerary). In one embodiment,the mobile agent may include or specify a function to be performed onvisited peers. In one embodiment, the function may be an executable Javaclass. In one embodiment, the Java class may be a certified (signed)Java class. In one embodiment, the function may be configured toaccumulate a return payload from visited peers based uponcontent/keyword matches on the visited peers as determined by eachvisited peer's local trust information.

[0217] In one embodiment, to preferably minimize network bandwidthimpact, the mobile agent may return to its initiating peer when it hascollected a predetermined amount of payload. If a mobile agent returnsto its initiating peer after collecting a predetermined amount ofpayload and before all peers on the itinerary have been visited, themobile agent may include a truncated itinerary including those peers ithas not yet visited. The payload may be emptied and the mobile agent maycontinue its peer group traversal using the truncated itinerary untilthe predetermined amount of payload has been collected from the visitedpeers on the truncated payload. This may continue until the itineraryhas been completed or, in one embodiment, until peers on the itinerarywhich the mobile agent cannot contact to visit do not respond for apredetermined time-to-live metric for the mobile agent to search for andcollect trust information for peers in the peer group. For example, thetime-to-live may be set to 30 minutes.

[0218] In one embodiment, as the mobile agent traverses the peer group,each peer on the itinerary that the mobile agent is to visit has a “timeto live.” If the time to live expires for a peer before it issuccessfully visited, no further attempts to visit the peer will be madeby the mobile agent. Peers that are not successfully visited within the“time to live” may have their reputation downgraded for having too higha risk for further interest. Once the peer group has been traversed bythe mobile agent, those peers whose reputation is high enough may form acooperative sub-group of peers for the next traversal by a mobile agentfrom an initiating peer. The collection of such sub-groups may be usedas the basis for peers' content access.

[0219]FIG. 48 is a flowchart illustrating a peer node using a mobileagent to collect trust evaluations from a plurality of peer nodesaccording to one embodiment. As indicated at 1840, an initiating peernode in a peer-to-peer network may launch a mobile agent on thepeer-to-peer network. The mobile agent may include an itineraryindicating a plurality of peer nodes in the peer-to-peer network to bevisited by the mobile agent, and may include an indication of an area ofinterest of the initiating peer node. As indicated at 1842, the mobileagent may collect trust evaluations for a subset of the plurality ofpeer nodes as providers of codats relevant to the area of interest fromone or more of the plurality of peer nodes indicated by the itinerary.In one embodiment, a codat is computer-representable content or data.

[0220] In one embodiment, the mobile agent may visit each of theplurality of peer nodes indicated by the itinerary to collect the trustevaluations. At each visited peer node, the mobile agent may determineif the visited peer node stores one or more trust evaluations for one ormore of the plurality of peer nodes as providers of codats relevant tothe area of interest. If the visited peer node stores one or more of thetrust evaluations, the trust evaluations may be stored as payload datain the mobile agent. After completing the itinerary, the mobile agentmay return the payload to the initiating peer node.

[0221] In one embodiment, if the stored payload data has reached a sizelimit, the mobile agent may return to the initiating peer node where thepayload data may be removed from the mobile agent and stored on theinitiating peer node. If there are more peer nodes on the itinerary thathave yet to be visited, the initiating peer node may send the mobileagent to a next peer node on the itinerary. If the stored payload datahas not reached a size limit and there are more peer nodes on theitinerary to be visited, the mobile agent may be sent to the next peernode on the itinerary. If there are no more peer nodes on the itinerary,the mobile agent may be returned to the initiating peer node.

[0222] In one embodiment, if the mobile agent is unable to visit one ofthe peer nodes indicated by the itinerary (for example, if the peer nodeis unavailable to be contacted by a peer node on the itinerary toreceive the mobile agent), the initiating peer node may reduce a trustevaluation for the peer node that the mobile agent was not able to visitas a provider of codats relevant to the area of interest, as the peernode is considered unreliable. In one embodiment, the mobile agent maytry one or more times to reach the peer node before “giving up” on thepeer node. In one embodiment, the mobile agent may retry reaching thepeer node until a time limit has expired.

[0223] As indicated at 1844, after receiving the trust evaluationscollected by the mobile agent, the initiating peer node may determine atrust evaluation for each of the subset of the plurality of peer nodesas providers of codats relevant to the area of interest from the trustevaluations collected by the mobile agent. In one embodiment, theinitiating peer node determines a trust evaluation for each of thesubset of the plurality of peer nodes as a provider of codats relevantto the area of interest from the trust evaluations collected by themobile agent and previous trust evaluations of the subset of theplurality of peer nodes as providers of codats relevant to the area ofinterest stored on the initiating peer node. In one embodiment, theinitiating peer node may then select one or more of the subset of peernodes for which corresponding trust evaluations are above a cooperationthreshold as providers of codats relevant to the area of interest. Inone embodiment, the initiating peer node and the selected one or more ofthe subset of peer nodes may form a peer group or sub-network forsharing codats relevant to the area of interest. Mobile agentssubsequently launched by the initiating peer node may include the memberpeer nodes of this peer group or sub-network in their itinerary.

[0224] In one embodiment, the peer nodes in the peer-to-peer network maybe configured to implement a distributed trust mechanism such as theexemplary distributed trust mechanism described below for establishingand maintaining trust relationships among the peer nodes in areas ofinterest from trust evaluations of codat exchange among the peer nodesin the area of interest. In this embodiment, determining a trustevaluation for each of the subset of the plurality of peer nodes as aprovider of codats relevant to the area of interest from the trustevaluations collected by the mobile agent may be performed in accordancewith the distributed trust mechanism.

[0225] In one embodiment, the peer nodes in the peer-to-peer network maybe configured to implement a peer-to-peer environment according to apeer-to-peer platform such as the exemplary peer-to-peer platformdescribed below which includes one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, find and exchange codats, and send andreceive mobile agents in the peer-to-peer environment. In oneembodiment, pipes implemented according to the peer-to-peer platform maybe used to send the mobile agent between peer nodes on the itinerary.

[0226]FIG. 49 illustrates a host peer operating in response to a mobileagent configured to gather reputation information according to oneembodiment. The mobile agent may travel through the network according toits itinerary while collecting data from peers. The mobile agent mayalso have its itinerary generated from a list of members of a peergroup, a peer-to-peer network, or some other group of peer nodesindicating they are configured to provide or store reputationinformation. Peer groups may be formed according to areas of interest,so to remain in a peer group peers may maintain a high reputation orlevel of trust. Peers may store local trust information including localcontent/keyword data, as indicated at 1850, corresponding to one or moreareas of interest. For example, a peer may store information aboutparticular subjects, such as wine, travel, etc, and may maintain storereputation corresponding to those areas of interest. In one embodiment,peers participating in peer groups for reputation information may use apeer-to-peer platform configured to maintain or provide reputationinformation for mobile agents such as the exemplary peer-to-peerplatform described below.

[0227] A peer may receive and determine whether to host a mobile agent,as indicated at 1851-52, for example as described for FIG. 41. Thehosted mobile agent may then direct the peer node to gather reputationinformation. In one embodiment, the peer node may search local trustinformation and local content/keyword data, as indicated at 1853. Thepeer node may then collect the information for the mobile agent, asindicated at 1854. In one embodiment, the mobile agent may specify othercriteria, for example identifying one or more areas of interest orrefining the search within an area of interest, so that the peer nodemay discriminate when collecting data. In one embodiment, a search maybe performed that is tailored to perform the discrimination and returnappropriate results matching criteria indicated by the mobile agent. Thepeer may then store the information collected as part of the mobileagent payload, as indicated at 1855. In one embodiment, data may beformatted to be stored with other data already stored in the payload.For example, the mobile agent payload may form a database, and collectedsearch information may be added to maintain the structure of thedatabase. The data may also be formatted according to particularconfigurations, for example as codats. The term “codat” as used hereinrefers to any computer content—code, data, applications, or othercollection of computer representable resources.

[0228] In one embodiment, the mobile agent may prompt its host peer tosend the search information or the actual files to its home peer nodedirectly to reduce bandwidth use and/or provide for failure management.As data collected may be large, accumulating it in the mobile agent mayresult in a significant consumption of resources in bandwidth andstorage. Moreover, if the mobile agent fails or is otherwise terminated,the home peer may have received at least some data and may be able todetermine which peer nodes the mobile agent visited. The home peer maythen use a similar mobile agent with an itinerary configured to continuethe work of the previous mobile agent. In another embodiment, a mobileagent may be configured to return to its home peer periodically so thatit may return results in smaller amounts, for example each time themobile agent reaches a size limit or visits a number of peer nodes. Inone embodiment, a size limit of four kilobytes of payload may beappropriate for most bandwidth.

[0229] The peer node may use the itinerary to determine a next peer towhich to send the mobile agent and send the mobile agent to that nextpeer, as indicated at 1856-58, for example as described for FIG. 41. Thehome peer node of the mobile agent may receive the version informationcollected from one or more peers. The data may be analyzed to determinewhich the overall reputation of the peers. In one embodiment, the homepeer may notify its peers of results. The peer group membership maychange according to the results to include peers with higher levels ofreputation or trust. In one embodiment, new peer groups may be formedaccording to the results. The home peer node may initiate the peer groupoperations.

[0230] Distributed Trust Mechanism

[0231] Embodiments of a decentralized, distributed trust mechanism aredescribed that may be used in various networking platforms, including,but not limited to, peer-to-peer and other decentralized networkingplatforms. The mechanism may be used, among other things, to implementtrust relationships between and among peers and to implement trustrelationships between peers and content and data (codat). Protocols andmethods may be provided for disseminating and updating trust. Forparticipating peers, trust may be biased towards data relevance, e.g.the quality of recipes in a cooking peer group in some embodiments.Trust may have multiple components or factors, and embodiments of thedecentralized trust mechanism may provide for the inclusion of factorsof trust based on a peer group's interests and/or group contentrelevance.

[0232] The term “codat” as used herein refers to any computercontent—code, data (static and dynamic), documents, applications,certificates, or any other collection of computer-representableresources. Examples of codat may include, but are not limited to: textfiles, photographs, applets, executable files, serialized Java objects,SOAP messages, certificates, etc. Codat may also include abstractions,for example, routes or paths in a network.

[0233] Embodiments of this decentralized trust mechanism may be used fora variety of applications. One exemplary application of this trustmechanism may be to perform reputation-guided searching. Anotherexemplary application of the trust mechanism may be to build arecommendation system for security purposes. In general, embodiments maybe used for applications in which trust may be based on the norm forsocial interaction between participating peers.

[0234]FIG. 50A illustrates trust relationships between peers and betweenpeers and codat according to one embodiment. The trust mechanism mayinclude a codat trust component that may be used in collectinginformation associated with a group's interests. In order to evaluatetrust with respect to a peer 200B's interests, the peer's interests maybe represented as one or more keywords 406. A user (i.e. of the peer200B) may evaluate trust in a codat 500 to build a trust relationshipfor peer 200B with that codat. In one embodiment, the peer 200B mayreceive codat 500 from another peer 200A and may evaluate trust withrespect to the peer's interest in the received codat 500. Thisevaluation may be made, for example, using search results (e.g.relevance) and user evaluation (e.g. user rating of the codat 500 usinga GUI), and may generate or update codat confidence 408 in the receivedcodat 500. In one embodiment, peer confidence 410 in the providing peermay be used in determining codat confidence 408. In one embodiment, thecodat 500 may be received from a providing peer over a path of one ormore other peers 200, and peer confidences 410 in the one or moreproviding peers may be used in determining codat confidence 408.

[0235] The results of the interest evaluation on the codat received frompeer 200A, codat confidence 408, may then be used to evaluate peer200B's trust in peer 200A (trust is a function of peer confidence 410and possibly one or more other factors) as a source for codat 500corresponding to one or more keywords 406 which represent areas ofinterests 506 of the peer 200B. Thus, evaluations of trust on a peer(for codat, paths, other peers, etc.) may be based on content andrelative to areas of interest. From a user's perspective, rating codat500 may be generally easier than rating a peer 200. Note that peer 200Amay perform a similar trust evaluation of peer 200B.

[0236] The codat trust component is based on content, and differs fromthe traditional trust concept based on risk, which may be identified asthe risk trust component. The risk trust component's value may bedetermined by one or more factors including, but not limited to: codatintegrity (e.g., the codat contained a virus as noted by a viruspreprocessor), peer accessibility (is the peer up most of the time), andpeer performance (long delays in retrieving data).

[0237] On a network comprising a plurality of peer nodes, each peer maybuild a trust relationship with one or more of the other peers to form a“web of trust” as illustrated in FIG. 50B according to one embodiment.Each peer 200 may belong to one or more peer groups 210. Each peer group210 may be formed or joined based upon a particular area of interest,which may be represented by a particular keyword. In one embodiment, apeer group 210 may be associated with two or more areas of interests,and thus keywords. In one embodiment, two or more peer groups may beassociated with the same area of interest, and thus keyword. Peers 200may exchange codat relevant to an area of interest within a peer group(or, in one embodiment, with peers 200 outside the peer group),determine codat confidence in the codat, and determine peer confidencesrelative to the area of interest for the providing peers using the codatconfidences in codat relevant to the area of interest received from thepeers 200. Trust relationships between peers 200 thus may be based oncontent (the codat trust component) instead of or in combination withthe risk trust component. Peers 200 may also propagate codat confidenceand peer confidence information to other peers 200.

[0238] In one embodiment, a peer, for example peer 200D, may receivecodat from another peer, for example peer 200C, via one or moreintermediary peers 200. In this example, there are two paths betweenpeer 200C and peer 200D, one through peers 200A and 200B, and onethrough 200B. In one embodiment, a codat confidence may be determinedusing confidence information for the path, which may include peerconfidences 410 in peers on the path.

[0239] In general, peers 200 are not necessarily members of all peergroups 210, and new peers 200 may not initially belong to any peer group210. In one embodiment, since peer group membership may be motivated bykeyword/interest, peers 200 that are not members of a particular peergroup 210 may be allowed to retrieve peer confidence information fromthe peer group 210 to use as initial peer confidence information for thepeer group 210. In one embodiment, peers 200 that are not members of aparticular peer group 210 may also be allowed to retrieve codatconfidence information from the peer group 210.

[0240]FIG. 51 illustrates a typical computer system that is suitable forimplementing various embodiments of the decentralized trust mechanism onpeers or other systems as described herein. Each computer system 180typically includes components such as a processor 182 with an associatedcomputer-accessible memory medium 184. Processor 182 may include one ormore processors, such as a Sparc, X86 (Pentium), PowerPC, or Alphaprocessor. Computer-accessible memory medium 184 may store programinstructions for computer programs, wherein the program instructions areexecutable by processor 182. The computer system 180 may further includea display device such as a monitor, an alphanumeric input device such asa keyboard, and a directional input device such as a mouse. Computersystem 180 is operable to execute the computer programs to implement thedecentralized trust mechanism as described herein.

[0241] The computer system 180 may further include hardware and programinstructions for coupling to a network 106. The network 106 may be anyof a variety of networks including, but not limited to, the Internet,corporate intranets, dynamic proximity networks, home networkingenvironments, LANs and WANs, among others, and may include wired and/orwireless connections. The network 106 may implement any of a variety oftransport protocols or combinations thereof, including, but not limitedto, TCP/IP, HTTP, Bluetooth, HomePNA, and other protocols.

[0242] Computer system 180 typically includes a computer-accessiblememory medium 184 on which computer programs according to variousembodiments may be stored. The term “computer-accessible memory medium,”which may be referred to herein as “memory,” may include an installationmedium, e.g., a CD-ROM, DVD or floppy disks, a computer system memorysuch as DRAM, SRAM, EDO DRAM, SDRAM, DDR SDRAM, Rambus RAM, etc., or anon-volatile memory such as a magnetic media, e.g., a hard drive, oroptical storage, or a combination thereof. The memory 184 may includeother types of memory as well, or combinations thereof. In addition, thememory 184 may be located in a first computer in which the programs areexecuted, or may be located in a second different computer that connectsto the first computer over a network. In the latter instance, the secondcomputer provides the program instructions to the first computer forexecution. The instructions and/or data according to various embodimentsmay also be transferred upon a carrier medium. In some embodiments, acomputer readable medium may be a carrier medium such as network 106and/or a wireless link upon which signals such as electrical,electromagnetic, or digital signals may be conveyed.

[0243] In addition, computer system 180 may take various forms,including a personal computer system, server, workstation, cell phone,pager, laptop or notebook computer, smart appliance, network appliance,Internet appliance, personal digital assistant (PDA), set-top box,television system, mainframe computer system, and even supercomputer orother device. In general, the term “computer system” can be broadlydefined to encompass any device having a processor that executesinstructions from a computer-accessible memory medium.

[0244] In one embodiment, the memory 184 may store software programsand/or data for implementing a decentralized trust mechanism asdescribed herein. In one embodiment, the memory 184 may further storesoftware programs and/or data for implementing a peer 200 forparticipating in a peer-to-peer environment with other peers 200(implemented on other computer systems 180 ) on network 106. Thesoftware program(s) may be implemented in any of various ways, includingprocedure-based techniques, componentbased techniques, and/orobject-oriented techniques, among others. For example, the softwareprogram may be implemented using ActiveX controls, C++ objects,JavaBeans, Microsoft Foundation Classes (MFC), or other technologies ormethodologies, as desired. A CPU, such as the host processor 182,executing code and data from the memory medium 184 includes a means forcreating and executing the software program or programs according to themethods and/or block diagrams described herein.

[0245] An exemplary peer-to-peer platform for enabling computer systems180 to participate as a peer 200 in a peer-to-peer environment, and inor with which embodiments of the decentralized trust mechanism may beimplemented, is described later in this document. It is noted thatembodiments may also be implemented in other peer-to-peer environmentsimplemented in accordance with other peer-to-peer mechanisms. It isfurther noted that, although embodiments as described herein aregenerally described in reference to peers and peer-to-peer networkingenvironments, embodiments may also be implemented on other systems andin other architectures including other networking architectures andenvironments, for example client-server systems.

[0246] In one embodiment, the memory 184 may store one or more codat500. Peer 200A may participate in the peer-to-peer environment with oneor more groups of peers 200. The peer 200A may have one or more areas ofinterests 506 and may choose to participate in particular peer groupsconcerned with particular areas of interest 506. Codat 500 may beclassified according to areas of interest 506. In one embodiment, aparticular codat 500 may be classified in more than one area of interest506. Memory 184 may also store one or more keywords 406 each associatedwith a particular area of interest 506. Memory 184 may also store one ormore codat confidences 408 and one or more peer confidences 410. Eachcodat confidence 408 may represent the peer 200A's trust or confidencein a particular codat 500. Memory 184 may also store one or more peerconfidences 410. Each peer confidence 410 may represent the peer 200A'strust in a particular peer 200. In one embodiment, trust mechanism 510may be executable to determine or adjust a peer confidence 410associated with a particular peer 200 using one or more codatconfidences 408 associated with codat 500 received from the particularpeer. Embodiments of methods for calculating codat confidence 408 andpeer confidence 410 are described later in this document. While trustmechanism is illustrated as being a component or module integrated inpeer 200, in some embodiments trust mechanism 510 may be a stand-alonemodule or program external to peer 200.

[0247] In one embodiment, the computer programs executable by thecomputer system 180 may be implemented in an object-oriented programminglanguage. In an object-oriented programming language, data and relatedmethods can be grouped together or encapsulated to form an entity knownas an object. All objects in an object-oriented programming systembelong to a class, which can be thought of as a category of like objectsthat describes the characteristics of those objects. Each object iscreated as an instance of the class by a program. The objects maytherefore be said to have been instantiated from the class. The classsets out variables and methods for objects that belong to that class.The definition of the class does not itself create any objects. Theclass may define initial values for its variables, and it normallydefines the methods associated with the class (i.e., includes theprogram code which is executed when a method is invoked.) The class maythereby provide all of the program code that will be used by objects inthe class, hence maximizing re-use of code that is shared by objects inthe class.

[0248] In one embodiment, an API may be provided for developinggraphical user interfaces (GUIs) for codat user rating. Implicitly, auser may be able to perceive how well retrieved codat fits the searchcriteria. This goes beyond simple keyword match, and rating informationmay be provided by user input to the GUI, and may in one embodimentserve as a user-supplied factor of the codat confidence relevancemetric.

[0249]FIG. 52 illustrates an exemplary architecture of a peer 200 (whichalso may be referred to as a peer node of a network) implementing atrust mechanism according to one embodiment. In one embodiment, a peer200 may include a trust mechanism 510 which may include one or morecodat confidence tables 400 which each may include one or more codatconfidences, and one or more peer confidence tables 402 which each mayinclude one or more peer confidences. In one embodiment, there may beone peer confidence table 402 for each peer group of which peer 200 is amember. In one embodiment, peer 200 may include a peer group independentpeer confidence table 404 which may include one or more peer confidencescorresponding to the peers in the peer groups in which peer 200 is amember peer.

[0250] Peer 200 may include codat 500. Codat 500 may be classified byarea of interest 506 of peer 200. Each area of interest 506 maycorrespond to a particular keyword 406. Peer 200 may determineconfidence in codat 500 and record the codat confidences in codatconfidence table 400. Codat confidences for codat received from anotherpeer in a particular area of interest represented by a keyword 406 maybe used to determine or adjust peer 200's peer confidence in the otherpeer. The peer confidence may be recorded or updated in the peerconfidence table 402 corresponding to the peer group in which both peer200 and the other peer are member peers. The peer confidence may also berecorded or updated in the peer group independent peer confidence table404.

[0251] In one embodiment, peer trust may be a function of peerconfidence and risk. In one embodiment, peer 200 may also include one ormore peer risk tables 412 which each may include one or more peer riskseach associated with a particular peer. Peer risk for a particular peermay be determined using one or more factors including, but not limitedto, codat integrity (e.g., did codat received from the peer contain avirus as noted by a virus pre-processor), peer accessibility (is thepeer up most of the time?), and peer performance (e.g. are there longdelays in retrieving data from the peer?). Entries in peer risk tables412 may be used in evaluating a peer's risk trust component. In oneembodiment, the peer confidence and risk tables may be used indetermining if a target peer is able to cooperate and is thustrustworthy.

[0252]FIG. 53A illustrates a codat confidence table 400 according to oneembodiment. For each keyword 406 representing an interest of the peer,there may be one or more codat confidences 408 each corresponding to acodat 500 classified under the particular interest 506 represented bythe keyword 406. Each codat confidence 408 may indicate a confidencevalue of the peer 200 in the corresponding codat 500. In one embodiment,codat confidence tables 400 may be used in determining and/or adjustingpeer confidences 410. In one embodiment, codat confidence tables 400 maybe searched by keyword 406 when searching for codat 500.

[0253] In one embodiment, codat 500 may be associated with peer groups,and a peer 200 may include a codat confidence table 400, for example asillustrated in FIG. 53A, for each peer group of which the peer 200 is amember peer, that may be used to record the (keyword, codat)relationships for peers in the particular peer group.

[0254] In one embodiment, there may be a peer confidence table 402 asillustrated in FIG. 53B that includes peer confidence information forthose peers for which the peer 200 has (keyword, codat) information. Ina peer confidence table 402, for each keyword 406 representing aninterest of the peer 200, there may exist one or more peer confidences410 each corresponding to a particular peer that provided a particularcodat 500. In one embodiment, there may be a separate peer confidencetable 402 for each peer group in which the peer 200 is a member peer. Inone embodiment, the peer confidence table(s) 402 may be included incodat confidence table(s) 400 as illustrated in FIG. 53A. In oneembodiment, peer confidence tables 402 may be used when searching for acodat 500.

[0255] In one embodiment, there may be a peer confidence table 404 thatincludes peer confidence information for peers across all the peergroups to which the peer 200 belongs, as illustrated in FIG. 53C. Thistable 404 may be used, for example, in calculating peergroup-independent peer confidence values.

[0256] In one embodiment, the decentralized trust mechanism may use datastructures such as object-oriented programming language classes torepresent the different trust components. In one embodiment, the classesmay include a codat confidence class, a peer confidence class, and arisk class.

[0257] In one embodiment, a codat confidence class may be used inevaluating the codat trust component according to a keyword. In oneembodiment, the codat confidence class may include, but is not limitedto, keyword, codat identifier, local flag, and confidence value aselements of the class. In one embodiment, the confidence value may havetwo metrics: popularity, and relevance to keywords. Popularity may bemonotonically increasing and may be incremented at the provider eachtime the codat is requested. The relevance may be in a range ofrelevance values, and may be in a range, for example (−1, 0, 1, 2, 3, 4)in one embodiment, as described below. The codat confidence class may beinstantiated to implement codat confidence 408 as illustrated in FIGS.50A and 51.

[0258] A peer confidence class may be used in evaluating the codat peertrust component according to a keyword. In one embodiment, the peerconfidence class may include, but is not limited to, class keyword, peeridentifier and confidence value as elements of the class. In oneembodiment, in addition to the codat confidence metrics above, therunning average of the popularity of each codat accessed from this peerfor a given keyword may also be kept. The peer confidence class may beinstantiated to implement peer confidence 410 as illustrated in FIGS.50A, 50B and 51.

[0259] In one embodiment, trust may be a function of peer confidence andrisk. A risk class may be used in evaluating a peer's risk trustcomponent. In one embodiment, the risk class may include, but is notlimited to, peer identifier, integrity of the codat, accessibility andperformance.

[0260] In one embodiment, the peer confidence and risk classes may beused in determining if another peer, for example a peer offering toprovide codat in a particular area of interest, is able to cooperate andis thus trustworthy.

[0261] The above describes how two components of trust relationships,confidence and risk, map to hardcoded information. The followingdiscusses embodiments of mechanisms for the calculation and propagationof such information to form a complex chain of relationships, anddescribes embodiments of methods to rate a propagated degree of trust.

[0262] In one embodiment, a trust value may be assigned to a peer. FIG.54 illustrates one embodiment of a table 420 of trust values 422 and thesignificance of or meaning 424 corresponding to the trust values 422. Inthe embodiment illustrated in FIG. 54, a peer may have a trust value of−1, 0, 1, 2, 3, or 4. Note that other embodiments may use other trustvalues and/or meanings corresponding to the trust values.

[0263] In the exemplary embodiment illustrated in FIG. 54, for the trustvalues of 0 and −1, the associated codat is never accessed. In oneembodiment, the trust value may be propagated through a transaction pipe(which may be described as a path). In one embodiment, the trust valueof a target for a single path, V_(path)(T), from peer S to peer Tthrough peers P_(i), (i=1, 2, . . . , n) may be calculated as in thefollowing formula: $\begin{matrix}{{V_{path}(T)} = {\frac{1}{4n}( {\sum\limits_{i - 1}^{n}\quad {V( P_{i} )}} ) \times {V(T)}}} &  1 )\end{matrix}$

[0264] Here, V(P_(i)) is the trust value of the peer, P_(i), whoprovides the information. In the exemplary embodiment illustrated inFIG. 54, V(P_(i)) is one of 1, 2, 3, or 4. V(T) is the trust value onthe target peer, T. Note that in other embodiments other formulas forcalculating V_(path)(T) may be used.

[0265] For multiple paths, in one embodiment the final trust value maybe the average of all the propagated trust values. As an example, assumethere are two paths from peer A to peer D. The first path is throughpeer B and C, the second one is though B, E and F. C trusts D with avalue of 3, B trusts C as a recommender with a value 2, and A trusts Bas recommender with a value of 3. Thus: $\begin{matrix}{{V_{1}(D)} = {{\frac{{V(B)} + {V(C)}}{8} \times {V(D)}} = {{\frac{3 + 2}{8} \times 3} = 1.88}}} &  1^{\prime} )\end{matrix}$

[0266] Using the same method, assume the trust value of the second pathV₂(D) is 2.15. In this example, the trust value A gives D is the averageof two paths, 2.01. In one embodiment, in addition to the propagation oftrust information, reputation may also be initialized and updated. (Notethat the values calculated in these and other examples herein may berounded or truncated for simplicity, but in application may or may notbe rounded or truncated.)

[0267] In one embodiment of the trust mechanism, there may be two valuesfor peer confidence and codat confidence. The codat confidence value isthe information to be propagated and the peer confidence value is thecarrier information to be used for weighting. In one embodiment,equation 1) may be transformed as follows, where the codat confidenceand peer confidence are the relevance metrics for codat within a givenpeer group: $\begin{matrix}{{{codat}\quad {confidence}_{path}} = {\frac{1}{4\quad n}( {\sum\limits_{i - 1}^{n}{{peer}\quad {{confidence}( P_{i} )}}} ) \times {codat}\quad {confidence}}} &  2 )\end{matrix}$

[0268] Propagation of confidence values may be employed when requestinginformation remotely and successfully. In one embodiment, when a remoterequest for information succeeds, the provider sends the codatconfidence object to the requester. If after computing codatconfidence_(path), the requester wants the codat, then the codat may besent to the requester (or alternatively the requester may access thecodat remotely). Even if the codat transfer (or access) occurs betweenP_(l) and P_(n), the codat confidence_(path) remains as if the data wasreceived through the pipe. In one embodiment, propagation may also beemployed when giving feedback to codat providers. The updated codatconfidence object from a requester may be propagated back to theprovider. Note that in other embodiments other formulas for calculatingcodat confidence_(path) may be used.

[0269] When updating trust value, each peer may update several (e.g.three) kinds of confidence tables. In addition, the updates may be basedon a peer's rating as well as on the feedback rating. Trust valueupdating may be illustrated using some examples. As one example of trustvalue updating, a peer may update its codat confidence using its ownrating and the codat confidence propagated from remote peers. Thepropagated popularity may be, for example, a running average. Thisexample focuses on the confidence and quality updating. In oneembodiment, a new codat confidence may be a function of the old codatconfidence, the propagated codat confidence, and the user rating:

new codat confidence=F(old codat confidence, propagated codatconfidence, user rating)

[0270] The following is an exemplary function that may be used tocalculate a new codat confidence in some embodiments:

newcodat confidence=(a×old codat confidence)+(b×propagated codatconfidence)+(c×user rating)  3)

[0271] where (a+b+c)=1.0, and a, b and c are nonnegative real numbers.a, b and c may be used as weights for relative importance of the oldcodat confidence, the propagated codat confidence, and the user rating,respectively, when calculating new codat confidence. Note that in otherembodiments other formulas for calculating new codat confidence may beused.

[0272] In one embodiment, the user's personal rating may be the mostimportant criteria for a user, and thus c may be given more weight (e.g.c=0.70). In one embodiment, if the new popularity value is greater thanthe old popularity value, then the propagated codat confidence may begiven more weight (e.g. a=0.10 and b=0.20); if the new popularity valueis less than the old popularity value, the old codat confidence may begiven more weight (e.g. a=0.20 and b=0.10). If they are equal, the oldcodat confidence and the propagated codat confidence may be given equalweight. Thus, using weights, more popular codat may be given an edge.Note that other schemes for distributing weights may be used in otherembodiments.

[0273] In one embodiment, the user rating may be received as user input.It is possible that neither the old codat confidence nor the propagatedcodat confidence is available. In this case, the old codat confidenceand the propagated codat confidence may be preset, for example, to 1. Asimilar rule may be applied to one or more of the other exemplaryfunctions herein.

[0274] As another example of trust value updating, a peer may update anold codat confidence using feedback. The peer may have a peer confidencecorresponding to the peer who provided the feedback. In one embodiment,a feedback may be defined as a reverse-propagated codat confidence fromanother peer. In one embodiment, a new codat confidence may be afunction of the old codat confidence, the feedback, and the peerconfidence corresponding to the peer that provides the feedback:

new codat confidence=F(old codat confidence, feedback, peer confidenceof feedback peer)

[0275] The following is an exemplary function that may be used tocalculate a new codat confidence in some embodiments: $\begin{matrix}{{{new}\quad {codat}\quad {confidence}} = \frac{\begin{matrix}( {{{old}\quad {codat}\quad {confidence}} +}  \\ ( {{feedback} \times \frac{{peer}\quad {confidence}_{{feedback}\quad {peer}}}{4}} ) )\end{matrix}}{2}} &  4 )\end{matrix}$

[0276] In at least some cases, the peer may not have peer confidence forthe peer who provides the feedback, so the peer confidence in thefeedback peer may be preset, for example, to 1. Note that in otherembodiments other formulas for calculating new codat confidence may beused.

[0277] In yet another example of trust value updating, a peer may updatethe peer confidence of an information provider in a peer group. In thisexample, the peer may not receive information from other peers on aprovider's performance. Instead, the peer may itself generate an opinionof the provider, associated with one or more keywords. The peer may knowthe codat confidence, relevance metric of the codat the provider hasprovided to the peer. In one embodiment, a new peer confidence may be afunction of the old peer confidence and the set of codat confidencesrelated to the provider:

new peer confidence=F(old peer confidence, set of codat confidencesrelated to the provider)

[0278] The following is an exemplary function that may be used tocalculate a new peer confidence in some embodiments: $\begin{matrix}{{{new}\quad {peer}\quad {confidence}} = \frac{\begin{matrix}{{{old}\quad {peer}\quad {confidence}} +} \\{\frac{1}{K}{\sum\limits_{a \in K}{{codat}\quad {confidence}_{provider}}}}\end{matrix}}{2}} &  5 )\end{matrix}$

[0279] where |K| is the number of keywords a in K related to theprovider. Note that in other embodiments other formulas for calculatingnew peer confidence may be used.

[0280] The trust mechanism may employ numerous updating functions, andin one embodiment, a Bayesian approach may be used. Using a Bayesianapproach, current data may be used to derive what the a posteriori modellooks like.

[0281] To make these trust values more meaningful for users, oneembodiment may include a cooperation threshold. If a peer confidencevalue corresponding to another peer is greater than the cooperationthreshold, the other peer may be considered cooperative. Otherwise, theother peer may be considered uncooperative, and the user of the peer maydecide that interaction with the other peer may involve too much risk.The cooperation threshold may be calculated based on the risk value, thecodat confidence value(s) and an importance value. The importance valuemay be used to indicate how important the cooperation is to the user. Auser may be willing to take a risk, i.e., override the trust mechanism'srecommendation, even though the peer confidence may be low. In oneembodiment, the importance may have a value of, for example, (−1, 0, 1,2, 3, 4) and may be input by users through a GUI. In one embodiment, theimportance value may be initially set to a default, e.g. 2. In oneembodiment, the risk value may be in a range from, for example, 0 to 4,where 0 implies no risk and 4 implies maximum risk. In one embodiment,the risk value may be statistically computed using peer accessibilityand performance information. In one embodiment, a network quality ofservice study method may be adopted to compute the risk value.

[0282] In one embodiment, if the following comparison is true, then thecooperation threshold is met: $\begin{matrix}{( {{peer}\quad {confidence} \times {importance}} ) > \frac{{Risk}_{peer}}{\frac{1}{K}{\sum\limits_{a \in K}{{codat}\quad {confidence}_{peer}}}}} &  6 )\end{matrix}$

[0283] Here, K is the set of all keywords, a, for the given peer forwhich there are codat confidence values across all peer groups, and |K|is the number of such keywords. The codat confidence valuescorresponding to the peer (related to a particular keyword k) may beused to represent the experienced confidence in the peer. Assuming theimportance is constant, if the risk is high and the experience is notgood, the threshold will tend to be high. In this case, the peerconfidence may not be higher than the threshold. Note that in otherembodiments other comparisons for determining if the cooperationthreshold is met may be used.

[0284] Security and the Trust Mechanism

[0285] Security may address privacy, authentication, integrity, and/ornon-repudiation. Various cryptographic techniques and protocols may beimplemented, for example, to attempt to guarantee that a conversation isprivate, to authenticate a user, to insure the integrity of data, and toassure that a transaction cannot be repudiated by its originator.

[0286] To the above cryptographic list, secure access to codat, orauthorization, may be added. Codat may include static as well as dynamicor executable data, which may be locally or remotely stored. Codat mayalso include abstractions such as routes or paths codat might take in anetwork, some of which may be privileged. In one embodiment, theauthorization mechanism described herein may not be a specificauthorization solution, but instead may be an open mechanism that allowsthe implementation of various secure codat access schemes based on themechanism. The trust mechanism may be a mechanism for peer-to-peerdistributed security in which some or all of the above security featuresmay be deployed, if desired.

[0287] In one embodiment, the trust mechanism may provide a trustspectrum as illustrated in FIG. 55 that has Certificate Authority signedcertificates 700 at or near one endpoint, and self-signed certificates702 at or near the other. In one embodiment, the trust mechanism may notrequire a true, distributed Public Key Infrastructure (PKI), but rathermay provide for the creation of a trust spectrum that neither requiresnor prohibits the presence of a PKI. At what point of trust in thespectrum a peer group chooses to communicate may be up to theparticipants in that group. A peer may belong to two or more differentpeer groups each implementing a different security model on differentlevels of the trust spectrum. In a trust spectrum, unique peeridentities may be established to enable authentication and theassignment of the peers' associated access policies within a peer group,e.g., authentication and authorization.

[0288] In embodiments of the trust mechanism, a method may be providedfor creating and distributing signed certificates in a peer-to-peernetwork Some embodiments may provide a mechanism for creating anddistributing public keys given a peer-generated, private-public keypair. In some embodiments, certificate creation may include using aCertificate Authority whose signature appended to a certificateguarantees the certificate's content for any recipient that has secureaccess to the Certificate Authority's public key. In one embodiment, theCertificate Authority's public key may be included in a root certificateon the recipient's system.

[0289] In an embodiment, any peer, including a recognized CertificateAuthority, may join a peer group and offer its services (assuming itmeets membership requirements, if any). The peer group members mayassign a level of trust or peer confidence to that peer, as well as toeach other. Mobile credentials, e.g. how to make a system's privatesecurity credentials securely available, may also be provided.

[0290] In some embodiments, peer-to-peer zero-dollar-cost certificatesmay be provided. In one embodiment, peer-to-peer zero-dollar-costcertificates may include self-signed certificates that may be exchangedbetween peers. In one embodiment, peer-to-peer zero-dollar-costcertificates may include certificates signed or cosigned by a trustedthird party (e.g. a trusted peer in a peer group). In one embodiment,the trust mechanism may not prohibit very strong security, e.g., strongsecurity mechanisms such as may be used on the Internet.

[0291] Users of self-signed certificates may be left open to “imposterin the middle” attacks. For example, if a peer A receives a peer B'sself-signed certificate in a security advertisement corresponding topeer B, peer A may have no way to guarantee that in fact the certificatewas received from peer B, and conversely, the same is true for peer B.An intruder, say peer C, may be in the middle of a conversation seeingeverything in clear text, and having given a “faked” self-signedcertificates to both peer A and peer B, may be pretending to be one orboth of them. Since peer C possesses both peer A and peer B's publickeys, peer C's presence may be undetectable. While it may take a greatdeal of effort to steal peer A and peer B's identities, it may be doneusing advertised, public information and information acquired as theimposter-in-the-middle. In one embodiment of a peer-to-peer network, foran intruder to steal a peer's identity, all of a peer's advertisementsmust be duplicated, possible encrypted passwords must be known, and pipeendpoint resolution spoofed. This may be possible with self-signedcertificates and this attack. Such an intruder could fully participatein a peer group using this stolen role.

[0292] However, for some classes of applications, this behavior may beacceptable if the above threats are clearly understood by the users. Forexample, a family may form a peer group to participate in secure instantmessaging among the family members. The underlying messages may beprivate, for example secured with TLS using 1024 bit RSA, 128-bit RC4,and SHA-1. The family may not worry that an imposter might try tointercept their conversations. This is a cost/risk decision whose riskis likely extremely small.

[0293] If the “imposter in the middle” attack is an unacceptable risk,and peer-to-peer zero-dollar-cost certificates are desired, a moresecure spectrum point may be used by exchanging certificates in person,for example using infrared or floppy disks. This is eyeball-to-eyeballtrust, and in certain peer groups, this is achievable and very secure.

[0294] If additional security is desired, then peer group members maydelegate certificate signature authority to selected members of a peergroup. For example, if peer A wants to acquire a signed certificate frompeer B that is a Certificate Authority, peer A generates a public,private key pair, sends the public key, algorithm parameters andpersonal identification to peer B, and then proves ownership of theprivate key. Peer B may accomplish the latter with a challenge encryptedin the public key and sent to peer A that owns the private key. Onlypeer A can decrypt the challenge, again encrypt it in peer A's privatekey, and send it back to peer B for verification. Once ownership isverified, peer B may issue a signed certificate to peer A. To verifythat peer B indeed signed the certificate, peer A must have peer B'spublic key. In addition, if peer A wants to communicate securely withpeer C, then he too must have peer B's public key and must trust peerB's signature. This makes the imposter-in-the-middle attack verydifficult since peer B's signature is created with his private key, andpeer A, and peer C have peer B's public key. This taken with strongauthentication, and authorization may prevent role theft.

[0295] In one embodiment, a method similar to the above may be appliedto create a “web of trust”-like signed certificate distribution in apeer group. A key ring of signed certificates may be created, and trustassigned using personal input obtained, for example, using the trustmechanism.

[0296] In one embodiment, a peer group-Certificate Authority, e.g. peerB, to both sign and distribute signed certificates to peer groupmembers. If peer B has signature authority in the peer group, and peer Ais a peer group member that trusts peer B, then peer A must have peerB's public key. One way to accomplish this is to have a root certificateon each peer in the peer group when the peer-to-peer software is loaded.These root certificates may be generated, for example, by a trustedpeer-to-peer organization or satellite that may be a true CertificateAuthority. In a peer-to-peer environment implemented in accordance witha peer-to-peer platform, for example the peer-to-peer platform describedlater in this document, root certificates may be included with releasesof the peer-to-peer platform.

[0297] Given such a bootstrap mechanism, peer B may request a signedcertificate from any of the trusted satellites, their goal being topropagate signing authority within peer groups without taking on theentire responsibility. Peer A may then, in the same way, open a secure,TLS session with peer B's system receiving peer B's satellite-signedX.509v3 certificate in the TLS handshake, verifying peer B'sauthenticity, and may acquire a certificate signed by Peer B using atotally secured connection. At the same time, peer A saves peer B'scertificate on a key ring for future use of peer B's public key. Here,for example, peer A might want to send peer B some private email, orchat privately with peer B.

[0298] Peer B, and other peer group Certificate Authorities may maintaincertificate revocation lists to assure that any transaction with aknown, breached certificate cannot take place, thus taking security onestep closer to a true peer group PKI. That final step may be taken byplacing known and trustworthy Certificate Authorities into the peergroup and delivering their public keys in root certificates, for examplewith the peer-to-peer platform.

[0299] In one embodiment, the trust mechanism may be used in calculatingcodat trust based on a peer's reputation in a given peer group. Since acertificate is one form of codat, in one embodiment the trust mechanismmay be applied to a peer's peer group key ring, i.e., a peer groupmember's collection of signed certificates for a given peer group. Inthe following discussion, it is assumed that the keyword is “signedcertificates” or another keyword used to signify signed certificates,and that the expected response is the search target's peer group keyring contents. In one embodiment, for a peer group(i), a peer mayinclude one or more tables as illustrated in FIGS. 56A and 56B formatches to the keyword “signed certificates,” in which codat confidenceis replaced with certificate confidence. In one embodiment, the tablesillustrated in FIGS. 56A and 56B may be included in the codat confidencetable and/or the peer confidence table(s) as illustrated in FIGS.53A-53C.

[0300] In one embodiment, an exemplary certificate confidence table 430as illustrated in FIG. 56A may be the peer's key ring trust table forthe peer group(i), and each entry 432 may be associated with a signedcertificate. Each certificate confidence entry 432 may indicate a trustin a particular path to another peer corresponding to the certificate.In FIG. 56B, the peer confidence values in table 440 may be userdefined, and each peer's entry may have, for example, two values. Afirst value, peer confidence_(certificate) 442, indicates a user'sconfidence in using a given peer's certificate, i.e. public key, forsecuring a transaction. A second, peer confidence_(recommender) 444,rates that peer as a recommender, or certificate cosigner.

[0301] As an example of using peer confidence_(recommender), if a peer Areceives a peer C's certificate from a peer B, and peer A does not knowthe subject, peer C, of that certificate and peer B does, then it mayneed to be determined whether peer A is willing to use peer B'srecommendation of peer C. Peer B may have assigned a certificateconfidence value to peer C's certificate. The peerconfidence_(recommender) may be used to determine if peer A uses thecertificate as recommended by peer B, and to what degree.

[0302] As another example of using peer confidence_(recommender), thevalue may be used by a peer A to rate a peer B's signature, for exampleif peer B cosigns a certificate.

[0303] Trust may be transitive. In one embodiment, transitivity may bemeasured, and the degree of transitivity may be user-definable. Peerconfidence_(recommender) 444 may be used as an indication of thetransitivity of trust. For example, if the peer confidence_(recommender)is less than, for example, 4, the trust relationship may be weaklytransitive. This is from the local peer's perspective and may be basedon reputation.

[0304] In one embodiment, certificate confidence 432 may be initially,for example, 4.0, as a default value for certificates originating on apeer. In one embodiment the certificate confidence corresponding to acertificate may be weighted by the trust path and the peerconfidence_(recommender) value if the source is not the issuer. Thefollowing is an exemplary method to calculate entries 432 (trust paths)in a certificate confidence table 430 as illustrated in FIG. 56A.

[0305] Under a web of trust, if a peer A's certificate is self-signed, apeer B knows peer A, and peer B gets peer A's certificate from peer Awho is then the certificate's subject, then using formula 2) for a pathof length 1: $\begin{matrix}{{{certificate}\quad {confidence}_{path}} = {\frac{{peer}\quad {{confidence}_{certificate}({subject})}}{4} \times {certificate}\quad {confidence}_{provider}}} &  7 )\end{matrix}$

[0306] In one embodiment, the certificate confidence may have an initialvalue, e.g. 4.0, and peer confidence_(subject) may default to a value,e.g. 2.0, or average, but may each be modified by the user.

[0307] Thus, for peer A:${{certificate}\quad {confidence}_{path}} = {\frac{{peer}\quad {{confidence}_{certificate}( {{peer}\quad A} )}}{4} \times 4.0}$

[0308] Thus, if peer B's peer confidence in peer A is 3.0, thecertificate confidence_(path) is 3.0. This is peer B's confidence inpeer A's certificate.

[0309] Next, if a peer C receives peer A's certificate from peer B, andpeer C's peer confidence_(recommender) in peer B's is 2.5, and peer Cdoes not know peer A, then: $\begin{matrix}{{{certificate}\quad {confidence}_{path}} = {\frac{1}{4} \times \frac{\begin{matrix}( {{{peer}\quad {confidence}_{recommender}} +}  \\ {{peer}\quad {{confidence}_{certificate}({subject})}} )\end{matrix}}{2} \times {certificate}\quad {confidence}_{provider}}} &  8 )\end{matrix}$

[0310] In one embodiment, a default peer confidence_(recommender) valuemay be 1.0, or minimal, as relationships may be initially weaklytransitive.

[0311] Given the above, the certificate confidence_(path) for peer A'scertificate is:${{certificate}\quad {confidence}_{path}} = {{\frac{( {2.5 + 2.0} )}{8} \times 3.0} = 1.69}$

[0312] Here the certificate confidence for peer A's certificate on peerB's system is 3.0 (from the first example), and is used in thecalculation in lieu of the default 4.0 value. Peer C rates peer B'srecommendations at 3.0, and on peer C's key ring, peer A's certificatehas a certificate confidence of 1.69.

[0313] In one embodiment, a certificate may have multiple signers. Forexample, if peer A's certificate is self-signed and cosigned by peer B,and peer C obtains the cosigned certificate from peer B, then thecertificate confidence_(path) is as above, and equals 1.69. In otherwords, peer C trusts peer B's certificate confidence in peer A.

[0314] Alternatively, if peer B cosigns the certificate, peer C getspeer A's certificate from peer A, and does not know peer A, peer C'speer confidence_(certificate) in peer A is 2.0. Since peer C rates peerB's peer confidencerecommender at 2.5, the certificate confidence_(path)is:${{certificate}\quad {confidence}_{path}} = {{\frac{( {2.5 + 2.0} )}{8} \times 4.0} = 2.25}$

[0315] Alternatively, if peer C's peer confidence in peer A is 3.0,then:${{certificate}\quad {confidence}_{path}} = {{\frac{( {2.5 + 3.0} )}{8} \times 4.0} = 2.75}$

[0316] As another example, peer C may take peer B into account as acosigner. Peer C may make peer B's peer confidence_(recommender) equalto 0, and not use transitivity of trust with respect to peer B. In thiscase, the above certificate confidence_(path) will be 3.0. The above maybe applied to certificates with n signatures, n-1 cosigners, and theinitial signer as P_(n): $\begin{matrix}{{{certificate}\quad {confidence}_{path}} = {\frac{\begin{matrix}( {{\sum\limits_{i = 1}^{n - 1}\quad {{peer}\quad {{confidence}_{recommender}( P_{i} )}}} +}  \\{n( {{peer}\quad {{confidence}_{certificate}( P_{n} )}} )}\end{matrix}}{2 \times 4 \times n} \times {certificate}\quad {confidence}_{provider}}} &  9 )\end{matrix}$

[0317] In one embodiment, if a certificate is signed by a peer groupCertificate Authority, then that Certificate Authority's rootcertificate may be included on all peer group member peers. SuchCertificate Authority signed certificates may have a default certificateconfidence_(provider) of, for example, 4.0, and the CertificateAuthority may have default peer confidence_(certificate) and peerconfidence_(recommender) of, for example, 4.0, thus giving all suchcertificates a local default certificate confidence_(path) of 4.0, inone embodiment. Thus, the following is a certificate for peer A receivedfrom a Certificate Authority:${{certificate}\quad {confidence}_{path}} = {{\frac{( {4.0 + 4.0} )}{8} \times 4.0} = 4.0}$

[0318] A user may still apply formula 7) so that if peer B receives peerA's Certificate Authority signed certificate from peer A, and peerconfidence_(certificate)(peer A) is 3.0, then peer A's certificateconfidence will be 3.0. This may affect peer B's willingness to dofinancial transactions with peer A, or willingness to send peer Aprivate mail using S/MIME, for example. Such judgments may be personalcalls made by a peer. Downgrading such a certificate may typically berare.

[0319] At any point in time, the degree of transitivity of a givenpeer's reputation as a recommender with respect to another peer may beeither too optimistic or pessimistic. Thus, in one embodiment, amechanism may be provided to measure and correct, if necessary ordesired, experience with respect to a peer's recommendations over time.This mechanism may be provided since peer confidencerecommender of eachsuch recommender may be explicitly defined.

[0320] Let K be the set of all certificate confidences for which thereare non-default values for both peer confidence_(certificate) and peerconfidence_(recommender) for certificates uniquely recommended orcosigned by a given peer, P₀. If K is empty, then there may not besufficient experience to reevaluate P₀. In one embodiment, the averagerecommendation for P₀ may be calculated by defining:${{cosigner}\quad {peer}\quad {{confidence}_{recommender}( P_{0} )}} = {\frac{1}{K}{\sum\limits_{\alpha \in K}( {{certificate}\quad {confidence}_{path}} )_{\alpha}}}$

[0321] where |K|=number of certificates in K. The direct peer confidencemay then be calculated, e.g., as if each certificate were obtaineddirectly from the same subjects, e.g., peer confidence_(recommender) isset to 0:${{direct}\quad {peer}\quad {confidence}} = {\frac{1}{K}{\sum\limits_{\alpha \in K}( {{peer}\quad {confidence}_{certificate}} )_{\alpha}}}$

[0322] The two values may allow a comparison of how the local peer'sratings correlate with the remote peer's ratings, and permit the localpeer to adjust its ratings accordingly if they do not agree. Forexample, a peer A may obtain a peer B's certificate and a peer C'scertificate from a peer D. If peer A gives peer D a peerconfidence_(recommender) value of 2.5, and the certificate confidencevalues of peer B and peer C on peer D are 2.6 and 3.0 respectively,then:${{cosigner}\quad {peer}\quad {confidence}_{{peer}\quad d}} = {\frac{2.6 + 3.0}{2} = 2.8}$

[0323] If peer A rates peer B and peer C with peer confidencecertificatevalues of 3.0 and 3.8, respectively, then by applying formula 7):${{direct}\quad {peer}\quad {confidence}} = {\frac{3.0 + 3.8}{2} = 3.4}$

[0324] Thus, peer A may be underrating peer D, and may adjust the peerconfidence_(recommender) value for peer D if desired.

[0325] Peer Identity and Authentication

[0326] In one embodiment, for a peer to be authenticated in a peergroup, a peer identity may be required. In one embodiment, a peeridentity may be unique across all peers. In addition, certificatesissued to a peer may have a unique user identifier (UUID). For X.509certificates this is an X.500 distinguished name that is unique acrossthe Internet. An example is:

[0327] (CN=John Doe,

[0328] OU=Widgets,

[0329] O=ACME, Inc.,

[0330] C=FR)

[0331] Pretty Good Privacy (PGP) certificates also require userinformation but may be less stringent about the details. The informationmay be “identity” information about the user such as the user's name,identifier, photograph, etc. In either case, a unique UUID may begenerated. For example:

[0332] (CN=UserName,

[0333] OU=<twenty-digit pseudo-random ID>,

[0334] O=<organization name>,

[0335] C=Country)

[0336] A concatenation of the above name identifiers may also besuitable for a PGP certificate. In one embodiment, given that each peerhas its own certificate, self-signed, cosigned, or CertificateAuthority-signed, a peer identity may be created by hashing theconcatenation of the UUID and the public-key fields, signing this hashwith the private key, and using the digital signature as the identity.Since such a signature may be large, for large keys, it may be the keylength, and the first twenty bytes, for example, may be used as adigital fingerprint. Other possible fingerprint mechanisms are the MD5or SHA-1 hash of the private key. Both are reproducible only by theowner of the private key, and verifiable, and may be used as achallenge. The identity may be used as the peer's credential inmessages, for example peer-to-peer platform messages.

[0337] Given a unique identity, a peer may use the identity inaccordance with a peer group's authentication policy (which also mayrequire a password to be created) to grant or receive, for example,group privileges, account privileges, and a renewal period. This may bedone over a private connection to protect the password. Finally, a groupcredential may be returned to the peer group member that acknowledgesand embodies the authorized privileges. This same credential may then berequired whenever any of the associated peer group services are used.

[0338] In one embodiment, such a method may require peer-to-peerplatform authorization services. Peer group members may need to be awareof which peers or systems provide authorization services. In oneembodiment, a source for lists of addresses (e.g. URIs) forauthorization peers may be published, for example using a peer-to-peerplatform advertisement mechanism as described later in this document.

[0339] Key Rings

[0340] Over time, peers may acquire a local collection of certificateswith their associated public keys. Such a collection may be referred toas the user's key ring. A peer may have at least one personalcertificate. Thus, the key ring may be non-empty. A peer may bothpublish the existence of this key ring and distribute its contents onrequest, for example using peer-to-peer platform protocols as describedfor the exemplary peer-to-peer platform below. These peer-to-peerplatform protocols may permit the creation of advertisements, forexample, a peer may have one or more corresponding advertisements thatmay contain static information describing that peer. In one embodiment,the peer-to-peer platform peer advertisement may have an XML tagreserved for security, and to add security the peer's security pipeidentifier may be advertised in that XML field.

[0341] In one embodiment, each certificate on a peer key ring mayinclude a reference that may include, but is not limited to, the peeridentifier, the address (e.g. email address) of the certificate'ssubject or owner, and the local peer's certificate confidence for thatcertificate. This list of references may be considered the peer's keyring list, and may be accessible, for example through the peer'ssecurity pipe, and thus, may be used to publish those keys that areexportable by that peer. In one embodiment, a certificate may beaccessed using either its peer identifier or domain name reference usingthe same pipe.

[0342] In one embodiment, the peer-to-peer platform may provide one ormore protocols that may be leveraged by embodiments of the trustmechanism to support, advertise and access key ring lists andcertificates as described above. In one embodiment, the absence of asecurity pipe identifier in the peer advertisement may imply thatsecurity services are not supported on that peer. In addition, in someembodiments, the peer advertisement may not include the security pipeidentifier in order to reduce the size of these advertisements, and tomake information like the security pipe identifier available on demand.In this case, the security pipe identifier may be available through apeer information protocol of the peer-to-peer platform for obtainingpeer information. In one embodiment, at least the availability ofsecurity services is part of the peer advertisement.

[0343] Peer-to-Peer Platform Transport Layer Security (TLS)

[0344] In one embodiment, for private, peer-to-peer communication, TLSmay be implemented within the constraints of the security model's trustspectrum discussed in the previous sections, and on top of thepeer-to-peer platform's core protocols. In one embodiment, aTLS_RSA_WITH_RC4_(—)128_SHA cipher suite from the peer-to-peerplatform's security toolbox may be used. One embodiment may employClaymore System's PureTLS code.

[0345] In one embodiment, self-signed certificates may be sent in theTLS handshake at the least secure end-point of this spectrum. Thus, ashas been previously discussed, the imposter-in-the-middle attack may bepossible, as it is for any PGP-like Web-of-Trust where self-signingcannot prevent forged certificates.

[0346] In one embodiment, cosigned certificates may be more difficult toforge. For example, consider a peer A that requires that allcertificates it uses be cosigned by a peer B. Peer A initiates a privatecommunication with a peer C, and a peer D is an “imposter in themiddle.” Peer D may forge peer C's certificate that is cosigned by peerB peer D. However, to be successful, Peer D will also have to forge peerB's certificate that is resident on peer A's system.

[0347] Thus, in some embodiments, two or more points in the trustspectrum may be implemented, e.g., self-signed and Certificate Authoritysigned certificates. Some embodiments may also include cosigning ofcertificates and/or satellite Certificate Authorities, among othermeasures, which may individually or together offer better than “prettygood privacy” TLS for low or no cost.

[0348] Peer Group Authentication

[0349] Some embodiments of the exemplary peer-to-peer platform describedbelow may include a framework for Pluggable Authentication Modules(PAMs). Using peer identities, a peer group authentication module may beadded to the PAM implementation of the peer-to-peer platform. In oneembodiment, a peer group member that has an authentication level ofauthority may do the initial authentication. The initial authenticationmay return a peer group credential which may include one or more of, butis not limited to, the following fields:

[0350] Authorization privileges, e.g.:

[0351] Data access: e.g. read and write.

[0352] Authentication level: e.g. trial membership, full member, andauthority.

[0353] Membership expiration date.

[0354] Hash of member's password and the algorithm used.

[0355] Peer Identity of initiating authority.

[0356] Digital Signature of the previous fields by initiating authority.

[0357] In one embodiment, the initial authentication may be done usingTLS to keep the user's password private. Further authentication(s) toaccess other group members' systems may include the above credential,and thus may be challenged by requesting the password and reproducingthe hash, after first verifying the credential with the public key ofthe initiating authority.

[0358] Thus, an authentication infrastructure may be included in apeer-to-peer platform, such as the exemplary peer-to-peer platformdescribed below.

[0359] Peer-to-Peer Platform

[0360] The following is a description of an exemplary network computingplatform designed for peer-to-peer computing which may be used toimplement peer-to-peer environments in which embodiments of a system andmethod for implementing mobile agents in peer-to-peer networkingenvironments as described above may be implemented. Note that this is anexemplary peer-to-peer platform, and embodiments of the system andmethod for implementing mobile agents in peer-to-peer networkingenvironments as described above may be implemented in other peer-to-peerenvironments and with other peer-to-peer platforms.

[0361] The network computing platform may be referred to as apeer-to-peer platform. The peer-to-peer platform may be used to build awide range of distributed services and applications in which everydevice is addressable as a peer, and where peers can bridge from onedomain into another. The peer-to-peer platform may enable developers tofocus on their own application development while easily creatingdistributed computing software that is flexible, interoperable, andavailable on any peer on the expanded Web. The peer-to-peer platform mayenable software developers to deploy interoperable services and content,further spring-boarding the peer-to-peer revolution on the Internet. Thepeer-to-peer platform addresses the problems of prior art peer-to-peersystems by providing a generic and service-agnostic peer-to-peerplatform that may be preferably defined by a small number of protocols.Each protocol is preferably easy to implement and easy to be adoptedinto peer-to-peer services and applications. Thus, service offeringsfrom one vendor may be used, perhaps transparently, by the usercommunity of another vendor's system.

[0362] The peer-to-peer platform extends peer-to-peer computing toenable a wide range of distributed computing applications and overcomethe limitations typically found in prior art peer-to-peer applications.The peer-to-peer platform is a network computing technology thatprovides a set of simple, small, and flexible mechanisms that cansupport peer-to-peer computing on any platform, anywhere, and at anytime. The peer-to-peer platform generalizes peer-to-peer functionalityand provides core technology that addresses the limitations of prior artpeer-to-peer computing technologies.

[0363] The peer-to-peer platform is a modular platform that providessimple and essential building blocks for developing a wide range ofdistributed services and applications. The peer-to-peer platformspecifies a set of protocols rather than an API. Thus, the peer-to-peerplatform can be implemented in any language on any Operating System toprovide solutions ranging from providing a simple protocol-based wrapperthat enables a small device to join a network of peers to developing afully integrated application that supports metering, monitoring,high-level security and communication across server-class systems.

[0364] In one embodiment, the peer-to-peer platform architecture mayinclude, but is not limited to, protocols, advertisements, and coreservices. Network protocol bindings may be used to preferably ensureinteroperability with existing content transfer protocols, networktransports, routers, and firewalls. The peer-to-peer platform may beused to combine network nodes (peers) into a simple and coherentpeer-to-peer network computing platform. Embodiments the peer-to-peerplatform may be directed at providing several benefits including one ormore of, but not limited to, no single point of failure, asynchronousmessaging, the ability for peers to adapt to their network environment,and moving content towards its consumers.

[0365]FIG. 2 illustrates one embodiment of peer-to-peer platformsoftware architecture at the conceptual level. The peer-to-peer platformmay include several layers. In one embodiment, the software stack may bedescribed using three layers; a peer-to-peer platform (core) layer 120,a service layer 140 and an application layer 150. In one embodiment, thepeer-to-peer platform may include a core layer 120 that defines andencapsulates minimal primitives that are common to peer-to-peernetworking, including, but not limited to, peers 110, peer groups 122,peer discovery 124, peer communication (e.g. pipes) 126, peer monitoring128, and associated security primitives 130. This layer may be shared byall peer-to-peer devices so that interoperability becomes possible.

[0366] A peer may be defined as any entity that runs some or all of oneor more protocols provided by the peer-to-peer platform core layer. Assuch, a peer may manifest in the form of a processor, a process or adevice. A peer may be anything with a digital heartbeat that supportsthe peer-to-peer platform core, including sensors, servers, PCs,computers up to and including supercomputers, PDAs, manufacturing andmedical equipment, phones and cellular phones. In order to interact withother peers (e.g. to form or join peer groups), the peer needs to beconnected to some kind of network (wired or wireless), such as IP,Bluetooth, or Havi, among others.

[0367] The peer-to-peer platform may provide mechanisms through whichpeers may discover each other, communicate with each other, andcooperate with each other to form peer groups. Peers may discover eachother on the network to form transient or persistent relationshipscalled peer groups. A peer group is a collection of peers connected by anetwork that share a common set of interests and that have agreed upon acommon set of rules to publish, share and access any computer content(code, data, applications, or other collections of computerrepresentable resources), and communicate among themselves. Peer groupsmay also be statically predefined. The peers in a peer group maycooperate to provide a common set of services. A peer group may beviewed as an abstract region of the network, and may act as a virtualsubnet. The concept of a region virtualizes the notion of routers andfirewalls, subdividing the network in a self-organizing fashion withoutrespect to actual physical network boundaries. In one embodiment, peergroups implicitly define a region scope that may limit peer propagationrequests. Conceptually, a peer group may be viewed as a virtual entitythat speaks the set of peer group protocols.

[0368] The core layer 120 provides core support for peer-to-peerservices and applications. In a multi-platform, secure executionenvironment, the core mechanisms of peer groups, peer pipes and peermonitoring may be provided. Peer groups 122 may establish a set of peersand naming within a peer group with mechanisms to create policies forcreation and deletion, membership, advertising and discovery of otherpeer groups and peer nodes, communication, security, and contentsharing. Pipes provide virtual communication channels among peers.Messages sent in pipes may support transfer of data, content, and codein a protocol-independent manner, allowing a range of security,integrity, and privacy options. In one embodiment, messages may bestructured with a markup language such as XML. Peer monitoring 128enables control of the behavior and activity of peers in a peer groupand can be used to implement peer management functions including accesscontrol, priority setting, traffic metering, and bandwidth balancing.

[0369] The core layer 120 may include protocols and building blocks toenable key mechanisms for peer to peer networking, including discovery,transport (including firewall handling and limited security), and thecreation of peers and peer groups. In one embodiment, the core layer 120may be thin and small, and may provide interesting and powerfulprimitives for use by services and applications in the other layers. Thecore layer 120 may support choices such as anonymous vs. registeredusers and encrypted vs. clear text content without imposing specificpolicies on developers. Policy choices may be made, or when necessary,implemented, at the service layer 140 and/or application layer 150. Forexample, administration services such as accepting or rejecting a peer'smembership in a peer group may be implemented using the functionalityprovided by the core layer 120.

[0370] The core components of the peer-to-peer protocol may be used toimplement discovery mechanisms for searching, publishing and recoveringof core abstractions (e.g. peers, peer group, pipes, endpoints, andadvertisements). In one embodiment, these mechanisms may be simple,administration free, and may not require special peers to act as“master” peers. These mechanisms may allow processes in the peer-to-peernetwork, in absence of help from other applications and/or services, tobootstrap and find out the information necessary to access applicationsand services that can help. In addition, the core may “return” to thisstandalone behavior and still function if helper applications orservices fail. In one embodiment, safety mechanisms may be put in placein order to avoid a major overflow of “web-crawling.” In one embodiment,applications and/or services that support the peer-to-peer protocol mayaccess, control, and/or override the core components, even to theextreme of implementing a centralized, client-server model based on thecore components.

[0371] At the highest abstraction level, the peer-to-peer platform maybe viewed as a set of protocols provided at the core layer 120. In oneembodiment, a common thread among peer-to-peer platform peers isprotocols, not APIs or software implementations. In one embodiment, thepeer-to-peer platform protocols may guarantee interoperability betweencompliant software components executing on potentially heterogeneouspeer runtimes. Thus, embodiments of the peer-to-peer platform may beagnostic to programming languages. The term compliant may refer to asingle protocol only. That is some peers may not implement all the coreprotocols. Furthermore, some peers may only use a portion (client-sideor server-side only) of a protocol.

[0372] Each protocol may be defined by one or more messages exchangedamong participants of the protocol. Each message may have a predefinedformat, and may include various data fields. In one embodiment, theprotocols may utilize messaging such as XML messages. The peer-to-peerplatform connects peer nodes with each other. In one embodiment, thepeer-to-peer platform may be platform-independent by virtue of being aset of protocols. As such, the peer-to-peer platform may not requireAPIs and remains independent of programming languages, so that it can beimplemented in C/C++, Java, Java 2ME, Perl, Python or other languages.This means heterogeneous devices with completely different softwarestacks can preferably interoperate through the peer-to-peer platformprotocols. To underpin this set of protocols, the peer-to-peer platformmay define a number of concepts including peer, peer group,advertisement, message, pipe, and more.

[0373] In one embodiment, peer-to-peer protocols may be embodied asmarkup language (e.g. XML) messages that may be sent between two peers.In one embodiment, the peer-to-peer platform messages may define theprotocols used to discover and connect peers and peer groups, and toaccess resources offered by peers and peer groups, among others. The useof markup language (e.g. XML) messages to define protocols may allowmany different kinds of peers to participate in a protocol. Each peermay be free to implement the protocol in a manner best suited to itsabilities and role. For example, not all peers are capable of supportinga Java runtime environment. In one embodiment, the protocol definitiondoes not require nor imply the use of Java on a peer.

[0374] Several peer-to-peer platform protocols that may be provided byembodiments of the peer-to-peer platform are described later in thisdocument. The protocols defined in this document may be realized overnetworks including, but not limited to, the Internet, a corporateintranet, a dynamic proximity network, a home networking environment,LANs, and WANs. The protocols defined in this document may also berealized within a single computer. Thus, in one embodiment, thepeer-to-peer platform may be transport protocol independent. The sizeand complexity of the network peers that may support these protocolspreferably includes a wide range of peer implementations including peersimplemented on, but not limited to, simple light switches, PDAs, cellphones, pagers, laptop and notebook computers, smart appliances,personal computers, workstations, complex, highly-available servers,mainframe computers and even supercomputers.

[0375] The peer-to-peer platform may further include a peer-to-peerservices layer 140. This layer may provide capabilities that may not beabsolutely necessary for a peer-to-peer network to operate but that maybe desirable to provided added functionality beyond the core layer 120in the peer-to-peer environment. The service layer 140 may deal withhigher-level concepts such as search and indexing, directory, storagesystems, file sharing, distributed file systems, resource aggregationand renting, protocol translation, authentication and PKI (public keyinfrastructure) systems. These services, which may make use of theprotocols and building blocks provided by the core layer 120, may beuseful by themselves but also may be included as components in anoverall peer-to-peer system. Thus, services may include one or moreservices 144 provided by the peer-to-peer platform. Theseplatform-provided services 144 may include indexing, searching and filesharing services, for example. The services layer 140 may provide hooksfor supporting generic services (such as searching, sharing and addedsecurity) that are used in many peer-to-peer applications. Thus,services may also include one or more services 142 not provided as partof the peer-to-peer platform but rather provided by the peer-to-peerplatform community. These services 142 may be user-defined and may beprovided, for example, to member peers in a peer group as a peer groupservice.

[0376] Services may expand upon the capabilities of the core layer 120and may be used to facilitate application development. Facilitiesprovided as services in the service layer 140 may include mechanisms forsearch and indexing, directory, storage systems, file sharing,distributed file systems, resource aggregation and renting, protocoltranslation, authentication, PKI services, and caching code and contentto enable cross-application bridging and translation of files, amongothers. Searching capabilities may include distributed, parallelsearches across peer groups that are facilitated by matching an XMLrepresentation of a query to be processed with representations of theresponses that can be provided by each peer. These facilities may beused for simple searches, for example searching a peer's repository, ormore complex searches of dynamically generated content that isunreachable by conventional search engines. peer-to-peer searches may beconducted across a company's intranet, for example, to quickly locaterelevant information within a secure environment. By exercising tightcontrol over peer group membership and enabling encrypted communicationbetween peers, a company may extend this capability to its extranet,including business partners, consultants, and suppliers as peers. Thesame mechanisms that facilitate searches across the peer group may beused as a bridge to incorporate Internet search results, and to includedata outside of the peer's own repository, for example searching apeer's disk. The peer services layer 140 may be used to support othercustom, application-specific functions. For example, a secure peermessaging system may be built to allow anonymous authorship and apersistent message store. The peer services layer 140 provides themechanisms to create such secure tools; the application developersthemselves may determine specific tool policies.

[0377] The peer-to-peer platform may also include a peer-to-peerapplication layer 150. The application layer 140 may support theimplementation of integrated applications such as file sharing, resourcesharing, monetary systems, distributed storage, peer-to-peer instantmessaging, entertainment, content management and delivery, peer-to-peeremail systems, distributed auction systems, among others. Applicationsmay be “vertical” or they may be developed to interoperate with otherdistributed applications. One or more applications 154 may be providedas part of the peer-to-peer platform. For example, one embodiment of thepeer-to-peer platform may include a shell application 160 as adevelopment environment built on top of the platform. The shellapplication may provide interactive access to the peer-to-peer platformvia a simple command line interface 162.

[0378] Applications may also include community applications 152 notprovided by the peer-to-peer platform. These community applications 152may be user-defined and may be provided, for example, to member peers ina peer group as a peer group application.

[0379] In one embodiment, the boundary between services and applicationsis not rigid. An application to one customer can be viewed as a serviceto another customer. An application may use services. Services may serveas protocols that may be shared among various applications. Anapplication may provide a user interface, a way to define a set of filesto share, a way to initiate a search, a way to display the results, anda way to initiate a file transfer, for example. Such an application maymake use of a set of services, for example a reliable point-to-pointfile transfer service, a distributed search service, a discovery serviceto locate other peers, among others.

[0380] Applications may be built using peer services as well as the corelayer 120. The peer-to-peer platform may support the fundamental levelsbroadly, and rely on the peer-to-peer development community to provideadditional peer services and applications. Peer applications enabled byboth the core layer 120 and peer services layer 140 may includepeer-to-peer auctions that link buyers and sellers directly, with buyersable to program their bidding strategies using a simple scriptinglanguage, for example. Resource-sharing applications, such as SETI@home,may be built more quickly and easily, with heterogeneous, worldwide peergroups supported from day one. Instant messaging, mail, and calendaringservices may facilitate communication and collaboration within peergroups that are secure and independent of service provider-hostedfacilities. Virtually any other type of application may be build on topof the core layer 120 and services layer 140.

[0381] Some features, such as security, may manifest in all three layersand throughout a peer-to-peer system, albeit in different formsaccording to the location in the software architecture. In oneembodiment, the system may be modular, and allows developers to pick andchoose a collection of services and applications that suits their needs.

[0382] A typical peer-to-peer platform network may provide an inherentlynondeterministic topology/response structure. In a peer-to-peer platformnetwork, a specific resource request may not return for minutes, hours,or even days; in fact, it may never return at all. In addition, peoplefrom different parts of the world requesting the same resource arelikely to get different copies of the resource from completely differentlocations. Peers may obtain content from multiple servers, ideallyreaching a nearby one that is up and running. The original source peerneed not service every resource request; in fact, it does not even haveto be up and running. The nondeterministic structure may also helpprovide the optimized use of network bandwidth. The concentratedlocalized traffic congestion typical of today's Web does not affectpeer-to-peer networking. The nondeterministic structure may also helpprovide a lowered cost of content distribution. The peer-to-peer networkcan absorb contents and replicate it for easy access. Thenondeterministic structure may also help provide leveraged computingpower from every node in the network. With asynchronous operations, auser may issue many requests for many resources or servicessimultaneously and have the network do the work. The nondeterministicstructure may also help provide unlimited scalability. A properlydesigned peer-to-peer application may span the entire known connecteduniverse without hitting scalability limits; this is typically notpossible with centralized schemes. Note, however, that the peer-to-peerplatform also may support deterministic, synchronous applications.

[0383] As an example of a nondeterministic, asynchronous application,consider a network-based music request service that operates over apeer-to-peer platform-based peer-to-peer network. A peer submitsmultiple requests for music files and then checks back later to see ifthe music request service in the peer group has found them. A fewrequested files have been found, but others cannot be located. Theservice's response in regards to the files that cannot be located may besomething like “Music selection and availability changes continuously;please retry your request later.” This is an acceptable nondeterministicoutcome. Even though the service could not find a file, the same filemay be available later if the same request is resubmitted, because peersthat host the desired files may have come online in the meantime.

[0384] The peer-to-peer platform provides the ability to replicateinformation toward end users. Popular content tends to be replicatedmore often, making it easier to find as more copies are available. Peersdo not have to always go back to the same peer to obtain the informationthey want, as is typical in the client/server model. Peers may obtaininformation from neighboring peers that have already cached theinformation. Each peer may become a provider to all other peers.

[0385] In one embodiment, the peer-to-peer platform may enable peers tofind content that is closest to them. This content may include data.(e.g. files) or even services and applications. For example, if a peernode in an office peer-to-peer network using the peer-to-peer platformis moved, the peer-to-peer platform may allow the peer to automaticallylocate content (e.g. using a discovery service that participates in thediscovery protocol) including services (e.g. a printer service and anemail service) hosted by other peers closest to the peer's new location,without requiring any manual reconfiguration. Further, at least somecontent may be copied or moved to the peer in its new location and/or toother peers proximate to the new location.

[0386] In one embodiment, the peer-to-peer platform may provide adecentralized environment that minimizes single points of failure and isnot dependent on any centralized services. Both centralized anddecentralized services may be developed on top of the peer-to-peerplatform. With the addition of each new network peer, the networkplatform preferably becomes more robust as it expands. In theenvironment, services may be implemented to interoperate with otherservices giving rise to new peer-to-peer applications. For example, apeer-to-peer communications service like instant messaging may easily beadded to a resource-sharing peer-to-peer application if both support atleast the necessary peer-to-peer platform protocols.

[0387] The peer-to-peer platform may provide interoperability. Thepeer-to-peer platform may be used by developers independent of preferredprogramming languages, development environments, or deploymentplatforms. Embodiments of the peer-to-peer platform may enableinterconnected peers to easily locate each other, communicate with eachother, participate in community-based activities, and offer services toeach other seamlessly across different peer-to-peer systems anddifferent communities. The peer-to-peer platform may also provideplatform independence. Embodiments of the peer-to-peer platform may beindependent of programming languages (such as C/C++, Java, Perl, andKVM), system platforms (such as the Microsoft Windows, UNIX®, Solaris,Linux and Macintosh platforms), and networking platforms (such asTCP/IP, Bluetooth and Havi). Thus, heterogeneous devices with completelydifferent software stacks may interoperate through the peer-to-peerplatform protocols. Embodiments of the peer-to-peer platform may beimplementable on any device with a digital heartbeat, including, but notlimited to, sensors, consumer electronics, Personal Digital Assistants(PDAs), appliances, network routers, desktop computers, data-centerservers, and storage systems. Embodiments of the peer-to-peer platformmay enable peers, independent of software and hardware platform, tobenefit and profit from being connected to millions of other peers.

[0388] In one embodiment, the peer-to-peer platform may run on any ofvarious operating systems including embedded operating systems (with theappropriate level of Java runtime support, if required) such asWindows95, 98, 2000, ME, and NT, Solaris, Unix, Macintosh, Linux, Java 2Platform, Micro Edition (J2ME) and PersonalJava Technology. Thepeer-to-peer platform may be implemented in any of a variety ofdevelopment environments using any of a variety of programminglanguages, or combinations of programming languages, including, but notlimited to, Java, Java 2ME, C/C++, Perl, Python and KVM. In oneembodiment, the peer-to-peer platform may be implemented in Java. In oneembodiment, a peer-to-peer platform may be implemented in C/C++ on somedevices, for example, to support devices without Java support. In oneembodiment, a peer-to-peer platform may be implemented in KVM on somedevices, for example, so that all KVM capable devices such as PDAs andcell phones can be peer-to-peer platform peers. Programming languagesother than those listed may also be used in various embodiments.

[0389] A minimal device with the ability to generate a text string maytheoretically participate in a peer-to-peer platform network (though notnecessarily in every peer-to-peer application). The simplistic devicemay need a surrogate peer on the peer-to-peer network. This surrogatepeer may perform discovery, advertisement, and communications on behalfof the simplistic device (or many simplistic devices). The location ofthe surrogate may be hard-wired into the simplistic device. In this way,the simplistic device with the help of the surrogate can be afull-fledged peer on the peer-to-peer platform network. For example, aGPS locator, strapped to a sea turtle and sending out peer-to-peerplatform messages wirelessly with location information, may become apeer on a peer-to-peer platform network.

[0390] Embodiments of the peer-to-peer platform may be independent oftransport protocols. For example, the peer-to-peer platform may beimplemented on top of TCP/IP, HTTP, Bluetooth, HomePNA, and otherprotocols. Thus, a system built on top of the peer-to-peer platformpreferably functions in the same or similar fashion when the system isexpanded to a new networking environment or to a new class of devices,as long as there is a correct transport protocol handler for the newnetworking protocol.

[0391] In one embodiment, the peer-to-peer platform may use XML as theencoding format. XML may provide convenience in parsing andextensibility. Other embodiments of the peer-to-peer platform may useother encoding formats. The use of XML does not imply that allpeer-to-peer platform peer nodes must be able to parse and to create XMLdocuments. For example, a cell phone with limited resources may beprogrammed to recognize and to create certain canned XML messages andcan still participate in a peer-to-peer platform network of peers. Inone embodiment, a lightweight XML parser may be used that supports asubset of XML. This may help reduce the size of the peer-to-peerplatform.

[0392] There may be areas in a peer-to-peer environment where there isnot one correct way to do something or where what should be done dependson the nature and context of the overriding application. For example, inthe area of security, every peer-to-peer application may choose adifferent authentication scheme, a different way to ensure,communication security, a different encryption algorithm for datasecurity, a different signature scheme for authenticity, and a differentaccess control policy. Therefore, for these areas, the peer-to-peerplatform may preferably focus on mechanisms instead of policy, so thatapplication developers can have the maximum freedom to innovate andoffer competitive solutions.

[0393] Implementations of the peer-to-peer platform may be illustratedwith a few application or usage scenarios. For example, assume there isa peer-to-peer community offering a search capability for its members,where one member can post a query and other members can hear and respondto the query. One member is a Napster user and has implemented a featureso that, whenever a query is received seeking an MP3 file, this memberwill look up the Napster directory and then respond to the query withinformation returned by the Napster system. Here, a member without anyknowledge of Napster may benefit because another member implemented abridge to connect their peer-to-peer system to Napster. The peer-to-peerplatform may provide a platform bridge that may be used to connect thevarious peer-to-peer systems together.

[0394] In another example, one engineering group requires a sizablestorage capability, but also with redundancy to protect data from suddenloss. Using the peer-to-peer platform, each group may buy a simplestorage system without a mirroring feature, where the disks can thendiscover each other automatically, form a storage peer group, and offermirroring facilities using their spare capacity.

[0395] As yet another example, many devices such as cell phones, pagers,wireless email devices, Personal Digital Assistants (PDAs), and PersonalComputers (PCs) may carry directory and calendar information. Using thepeer-to-peer platform, these devices may be able to interact with eachother, without extra networking interfaces except those needed by thedevices themselves, using the peer-to-peer platform as the common layerof communication and data exchange.

[0396] Peer-to-Peer Platform Identifiers

[0397] In embodiments the peer-to-peer platform, peer-to-peer platformprotocols may need to refer to peers, peer groups, pipes and otherpeer-to-peer platform resources. In one embodiment, these references maybe presented in the protocols as peer-to-peer platform identifiers.Peer-to-peer platform identifiers may provide a mechanism for uniquelyidentifying specific peer groups, peers, pipes, contents and serviceinstances, among other resources. Peer-to-peer platform identifiers mayprovide unambiguous references to the various peer-to-peer platformentities. There may be several types of peer-to-peer platform entitieswhich may have peer-to-peer platform identifier types defined includingone or more of, but not limited to: peer groups, peers, pipes, content,module classes and module specifications.

[0398] In one embodiment, peer-to-peer platform identifiers may bepresented as Uniform Resource Names (URNs). URNs are a form of URI(Uniform Resource Identifier) that are intended to serve as persistent,location-independent, resource identifiers. Like other forms of URI,peer-to-peer platform identifiers are presented as text. Refer to IETFRFC 2141 for more information on URNs.

[0399] In one embodiment, a peer-to-peer platform identifier is astandard URN in the peer-to-peer platform identifier namespace.Peer-to-peer platform identifier URNs may be identified by a namespaceidentifier, for example “xxxx.” Each peer-to-peer platform identifierURN may also include an identifier format keyword. The identifier formatkeyword may indicate how the identifier was created and may allowpeer-to-peer platform bindings to extract additional information fromthe identifier. In one embodiment, peer-to-peer platform identifierformats may be defined to refer to resources both within peer-to-peerplatform and to bridge to other technologies. One embodiment may use theABNF syntax as defined in “IETF RFC 2234” as a format specification.

[0400] When peer-to-peer platform identifiers are used withinpeer-to-peer platform protocols, the identifiers may be manipulated astext string URIs. Operations available for URIs may include compare,resolve, and decompose. Peer-to-peer platform identifier URIs may becompared for equality as strings. Peer-to-peer platform identifier URIsmay also be resolved to the resource they reference. Peer-to-peerplatform identifier URIs may be decomposed and interpreted bypeer-to-peer platform bindings. To interpret a peer-to-peer platformidentifier, a peer-to-peer platform binding may support the identifierformat used by that peer-to-peer platform identifier. For manypeer-to-peer platform protocols and operations, it may not be necessaryto decompose the peer-to-peer platform identifiers.

[0401] In one embodiment, peer group identifiers may be used to refer topeer groups. In one embodiment, a peer group identifier may canonically,uniquely and unambiguously refer to a peer group. In one embodiment,other identifier formats may support this identifier type because theother identifier types may refer to the peer group to which they belong.

[0402] In one embodiment, peer identifiers may be used to refer topeers. In one embodiment, a peer identifier may canonically, uniquelyand unambiguously refer to a peer. If a peer-to-peer platform bindingrecognizes the identifier format, it may be able to extract a peer groupidentifier from a peer identifier. This peer group identifier identifiesthe peer group of which the peer is a member.

[0403] In one embodiment, codat identifiers may be used to refer tocodats. A codat identifier may canonically, uniquely and unambiguouslyrefer to a codat. In one embodiment, support for codat identifiers maybe optional. In one embodiment, if a peer-to-peer platform bindingrecognizes the codat identifier format, it should be able to extract apeer group identifier from a given codat identifier. This peer groupidentifier identifies the peer group to which the codat belongs.

[0404] The term “codat” as used herein refers to any computercontent—code, data, applications, or other collection of computerrepresentable resources. In one embodiment, the peer-to-peer protocolmay not distinguish among different types of resources that can bestored on a computer and shared among peers in a peer group. Examples ofcodat include text files, photographs, applets, executable files,serialized Java objects, SOAP messages, etc. Codats are the elementaryunit of information that is exchanged among peers. In this embodiment,given that codats may have arbitrary forms and properties, it may not beclear what sets of actions should be defined for them. In oneembodiment, the codats may carry or include definitions of how theyshould be accessed. Such codats are analogous to objects, which maydefine for themselves access methods others can invoke.

[0405] In one embodiment, pipe identifiers may be used to refer topipes. A pipe identifier may canonically, uniquely and unambiguouslyrefer to a pipe. In one embodiment, support for pipe identifiers may beoptional. In one embodiment, if a peer-to-peer platform bindingrecognizes the pipe identifier format, it should be able to extract apeer group identifier from a given pipe identifier. This peer groupidentifier identifies the peer group to which the pipe belongs.

[0406] In one embodiment, a module class identifier may identify aparticular local behavior; for example, a specific API for eachexecution environment for which an implementation of the module exists.A module class identifier may canonically, uniquely and unambiguouslyrefer to a module class as defined by an advertisement. If apeer-to-peer platform binding recognizes the module class identifiertype, it should be able to extract a base class identifier from a moduleclass identifier. The base class identifier allows applications todetermine if two module class identifiers differ only in the “role” theyperform. In one embodiment, a module specification identifier's “roles”may allow the same module to be reused within a group and to haveinstances distinguished. This may be necessary when, for example, acommon database service is used, with each role accessing a differentdata set.

[0407] In one embodiment, a module specification identifier may uniquelyidentify a particular network behavior (e.g. wire protocol andchoreography) that may be embodied by a software module. In oneembodiment, there may be any number of implementations of a given modulespecification identifier. A module specification identifier may uniquelyidentify an abstract module for which there may be multipleplatform-specific implementations. A module specification identifier maybe used to locate a compatible implementation so that it can beinstantiated. In one embodiment, all such implementations are assumed tobe network compatible. A module specification identifier maycanonically, uniquely and unambiguously refer to a module specification.If a peer-to-peer platform binding recognizes this identifier type, itshould be able to extract a Module class identifier from a Modulespecification identifier. In one embodiment, each peer-to-peer platformidentifier types may have a specific definition for how its fields arerepresented within its structure.

[0408] In one embodiment, for peer-to-peer platform module classidentifiers, each module may be assigned a module service identifierthat may enable canonical references to be made to the service in thecontext of a specific peer group, and optionally within the context of aspecific peer. In one embodiment, for peer-to-peer platform modulespecification identifiers, each service may be assigned a unique serviceidentifier that may enable canonical references to be made to theservice in the context of a specific peer group, and optionally withinthe context of a specific peer.

[0409] One embodiment of the peer-to-peer platform may define anidentifier format that may be used for encoding peer-to-peer platformidentifiers-. Peer-to-peer platform binding implementations preferablysupport this identifier format. In one embodiment, there may be one ormore reserved peer-to-peer platform identifiers, including, but notlimited to, the null identifier, the world peer group identifier, andthe net peer group identifier.

[0410] UUIDs

[0411] A peer group may theoretically be as large as the entireconnected universe. Naming anything uniquely is a challenge in such alarge namespace. In one embodiment, the peer-to-peer platform maysupport and/or provide sophisticated naming and binding services. In oneembodiment, the peer-to-peer platform may use a universal uniqueidentifier (UUID), for example, a 64- or 128-bit datum, to refer to anentity or resource (e.g. a peer, peer group, service, application, pipe,advertisement, endpoint, content, etc.). For example, UUIDs may beembedded in advertisements for internal use.

[0412] UUIDs provide unique identifiers for resources in thepeer-to-peer environment, and, in one embodiment, may identify theresource independently of the resource's location on the network. A UUIDmay be bound to other information, such as a network address of thecorresponding resource and/or a resource name of the resource. Thus,UUIDs help to provide peers, services and other peer-to-peer environmententities with access to resources in the peer-to-peer environmentindependent of the resources' locations.

[0413] In one embodiment, UUIDs may be used to guarantee that eachresource or entity has a unique UUID within a local runtime environmentand serves as a canonical way of referring to an entity, but because aglobal state is not assumed, it may not be possible to provide aguarantee of uniqueness across an entire community that may consist ofmillions of peers. This may not be a problem because a UUID may be usedwithin the peer-to-peer platform as an internal identifier. This maybecome significant only after the UUID is securely bound to otherinformation such as a name and a network address.

[0414] The UUID is an abstract data structure, and thus virtually anycanonical method may be used for representing UUIDs for use inpeer-to-peer environments. In one embodiment, different peer groups mayimplement different canonical representations of UUIDs in the samepeer-to-peer environment. In one embodiment, Uniform Resource Name (URN)format may be used for the representation of UUIDs. In one embodiment,Uniform Resource Identifier (URI) format may be used. In one embodiment,Uniform Resource Locator (URL) format may be used. In one embodiment,custom and/or proprietary methods of representing UUIDs may be used. Forexample, one peer group may use URN format for UUIDs, and another peergroup may use a proprietary alphanumeric naming scheme.

[0415] In one embodiment, the UUIDs may be used in providing flexibleconfiguration and seamless relocation of peer nodes on a peer-to-peernetwork, and may assist in locating and accessing content includingservices nearest to a peer node when the peer node is moved. Forexample, a businessperson based in New York may participate in apeer-to-peer network based on the peer-to-peer protocols using anotebook computer or other portable computing device connected to a LANas a peer node. The businessperson may access an instance of an emailand/or other services locally hosted by other peer nodes in a peer groupon the LAN. If the businessperson travels to Paris, for example, andtakes the notebook computer, the notebook computer may be connected to adifferent LAN at the Paris location and participate in the peer-to-peernetwork. Because the peer node has a unique identifier in thepeer-to-peer network (e.g. a UUID) rather than just a static networkaddress (the unique identifier may be bound to the static networkaddress), the peer node may seamlessly access instances of an emailservice and other services locally hosted on the LAN, or alternativelyhosted on a peer node at the peer node's original location or elsewhere,using the UUID to establish its identity. The peer node may rejoin thepeer group in New York to access one or more instances of services andother content hosted on the peer group, and may also join a peer groupat the Paris location to access one or more other instances of servicesand content.

[0416] Thus, the peer-to-peer protocols and UUIDs may provide theability for peer nodes to move to different peer groups and/or peerregions and access services and other content independent of networkaddresses and without requiring reconfiguration of the peer node. Forexample, when the exemplary peer node moves to Paris, connects to thenetwork (at a different network address) and accesses an instance of anemail service (either locally or remotely hosted, for example in the NewYork peer group), the email service may identify the peer node by itsunique identifier and route the peer's email to the peer node at the newnetwork address without requiring reconfiguration of the peer node.Thus, peer nodes may be relocated and access services and other contentthat are locally hosted or services and other content hosted in theiroriginal peer group if the services and other content are not requiredto be locally hosted.

[0417] Peers

[0418] Network nodes (peers) of various kinds may join the peer-to-peernetworking platform by implementing one or more of the platform'sprotocols. A peer may be any networked device (e.g. sensor, phone, PDA,PC, server, supercomputer, etc.) that implements one or more of the corepeer-to-peer platform protocols. Each peer operates independently andasynchronously of any other peer, providing a degree of reliability andscalability not typically found in current distributed systems. Somepeers may have more dependencies with other peers due to specialrelationships (e.g. gateways or routers). In one embodiment, a peer doesnot need to understand all of the protocols of the peer-to-peerplatform. The peer can still perform at a reduced level if it does notsupport one or more of the protocols.

[0419] Peers may publish and provide network resources (e.g. CPU,storage and routing resources) that may be used by other peers. Peersmay provide network services that may be used by other peers. Peerstypically interact with a small number of other peers (network neighborsor buddy peers). Peers that provide the same set of services tend to beinter-changeable. Thus, it may not matter which peers a peer interactswith. Generally, assumptions should not be made about peer reliabilityor connectivity, as a peer may appear or leave the network at any time.Peers may have persistent storage. A peer may optionally cacheinformation.

[0420] Peers may have multiple network interfaces. In one embodiment, apeer may not need to publish all of its interfaces for use with thepeer-to-peer protocols. Each published interface may be advertised as apeer endpoint. In one embodiment, a peer endpoint is an identifier (e.g.a URN or URI) that uniquely identifies a, peer network interface. Peerendpoints may be used by peers to establish direct point-to-pointconnections between peers. Peers may not have direct point-to-pointnetwork connection between themselves, either due to lack of physicalnetwork connections, or network configuration (NATs, firewalls, proxies,etc.), and thus a peer may have to use one or more intermediary peers toroute a message from an endpoint to another peer endpoint.

[0421] The term rendezvous peer may be used to designate a peer that isdesignated to be a rendezvous point for discovering information aboutother peers, peer groups, services and pipes. In one embodiment,rendezvous peers may cache information that may be useful to peersincluding new peers. Rendezvous peers may provide an efficient mechanismfor peers that are far away to find (e.g. discover) each other.Rendezvous peers may make peer discovery more practical and efficient.In one embodiment, a peer group is not required to have a rendezvouspeer. In one embodiment, any or even all members of a peer group maybecome rendezvous peers in a peer group. In one embodiment, each peergroup may have different policies to authorize a peer to become arendezvous peer.

[0422] The term router peer may be used to describe a peer that crossesone or more regions and is designated to be a router between theregions. Router peers may be used to route messages between differentnetwork protocols (e.g. TCP/IP, IrDA) or to peers that are behindfirewalls. In one embodiment, any or all peer members may becomerouters. In one embodiment, peer groups may have different policies toauthorize a peer to become a router peer for other peers.

[0423] In one embodiment, every peer in the peer-to-peer network mayhave a unique peer identifier (e.g. UUID). Other peer-to-peer networkresources may also have unique identifiers, including peer groups,services, applications, pipes, endpoints, content and resourceadvertisements. In one embodiment, the peer identifier may identify apeer group in which the peer is a member peer. In one embodiment, a peermay have a different peer identifier for each group in which it is amember peer. A peer identifier that also identifies a peer group inwhich the peer is a member peer may be used to differentiate peers thatseek access to a service or content on a peer within the peer group. Forexample, a peer may provide implementations of a service in two or moredifferent peer groups in which it is a member peer. The peer mayadvertise a different peer identifier within each peer group, and maydifferentiate between messages received from peers in the different peergroups by examining their respective peer identifiers to identify theparticular peer group in which the peers that sent the messages aremember peers to determine which service implementation to provide to therequesting peers.

[0424] Peers may be identified by their unique identifier (UUID) ratherthan by a fixed address. When a peer boots, it attempts to contact otherpeers. In one embodiment, contacted peers may include variable-sizedcaches that map nearby peers' UUID to their current addresses. Thisallows embodiments of the peer-to-peer platform to be run over a dialupconnection, for example.

[0425] The peer identifiers may be included in resource advertisementsof resources associated with the peers. For example, the peeridentifiers may be included in peer advertisements, peer groupadvertisements, service advertisements, pipe advertisements and endpointadvertisements, among others. In one embodiment, a peer identifier maybe bound to a network address (e.g. IP address, URI, URN or URL) of thepeer. If the peer changes network addresses (e.g. is moved to a newnetwork location), the peer identifier may be unbound from the networkaddress and bound to the new network address. Thus, the peer identifierprovides a dynamic identification and addressing mechanism for peers inthe peer-to-peer network, rather than a static mechanism, allowing peersto change network locations and still be identifiable (e.g. in peergroups the peer is a member peer of) using the same peer identifier.

[0426] In one embodiment, the peer identifier may include informationidentifying a particular peer group the peer is a member peer of. In oneembodiment, a peer may be assigned a different, unique peer identifierfor each peer group the peer is a member peer of. In one embodiment,peer identifiers may be included in messages received from other peers.If the receiving peer is a member in more than one peer group, thereceiving peer may use the peer identifiers received in the messages toidentify particular implementations of resources (e.g. services, pipes,endpoints and content) that are available for access by the sendingpeers.

[0427] The resource identifiers may be included in resourceadvertisements for the resources. At least a portion of the resourceidentifiers may be bound to a network address (e.g. IP address, URI, URNor URL) corresponding to the resource. At least a portion of theresource identifiers may also specify a particular peer and/or peergroup that hosts the resource. Resources may include, but are notlimited to, peers, peer groups, services, applications, advertisements,content, pipes and pipe endpoints.

[0428] In one embodiment, a peer may be assigned a unique string as aname. Any naming scheme may be used. In one embodiment, names are notunique unless a coordinated naming service is used to guarantee nameuniqueness. A naming service is typically a centralized service thatguarantees the uniqueness of name and can be used to register namemapping. Examples of naming services are DNS and LDAP. In oneembodiment, the use of a naming service may be optional.

[0429] Peer Groups

[0430] Peers may spontaneously discover each other on the network toform transient or persistent relationships called peer groups. Peergroups are collections of peers that may share some common interest orinterests. Peer groups may also be statically predefined. In oneembodiment, a peer group may provide one or more peer group services. Inone embodiment the peer-to-peer platform may defines a core set of peergroup services. The peer-to-peer platform protocols may specify the wireformat for these core peer group services. Additional peer groupservices may be developed for delivering specific services. For example,a lookup service could be implemented to find active (running on somepeer) and inactive (not yet running) service instances

[0431] Some embodiments of the peer-to-peer platform may describe how tocreate and discover peer groups, but may not dictate when, where, or whyto create a peer group, the type of the group, or the membership of thegroup. A peer group may provide a common membership definition. Eachpeer group may establish its own membership policy in a range from open(any peer can join) up to highly secure and protected (a peer may joinonly if it possesses sufficient credentials).

[0432] In one embodiment, peers wishing to join a peer group may firstlocate a current member, and then request to join the peer group. Thepeer-to-peer platform may define how to discover peer groups, e.g. usinga peer discovery protocol. The application to join may be rejected oraccepted by the collective set of current members in accordance with thepeer group's membership policy. In one embodiment, a peer group coremembership service may be used to enforce a vote among one or more groupmembers. Alternatively, one or more group representative member peersmay be elected or appointed to accept or reject new membershipapplications.

[0433] In one embodiment, the peer-to-peer platform is not concernedwith what sequence of events a peer or a peer group comes intoexistence. Moreover, in one embodiment, the peer-to-peer platform doesnot limit how many groups a peer can belong to. In one embodiment,nested and/or overlapping peer groups may be formed. In one embodiment,there may be a special group, called the World Peer Group, which mayinclude all peer-to-peer platform peers. In one embodiment, the worldpeer group may provide the minimum seed for every peer to potentiallyfind each other and form new groups. In one embodiment, the world peergroup has an open membership policy (e.g. has a null membershipauthenticator service). Some peers inside the world peer group may notbe able to discover or communicate with each other—e.g., they may beseparated by a network partition. In one embodiment, participation inthe World Peer Group is by default.

[0434] The peer-to-peer platform may use the concept of a peer group asan implicit scope of all messages originated from within the group. Peergroups may serve to subdivide the network into abstract regionsproviding an implicit scoping mechanism. Peer groups may provide alimited scoping environment to ensure scalability. Peer groups may beformed and self organized based upon the mutual interest of peers. Inone embodiment, no particular rules are imposed on the way peer groupsare formed, but peers with the same interests may tend to join the samepeer groups.

[0435] In one embodiment, a scope may be realized with the formation ofa corresponding peer group. Peer group boundaries may define the searchscope when searching for a group's content. For example, a peer in SanFrancisco looking to buy a used car is normally not interested in carsavailable outside of the Bay Area. In this case, the peer may want tomulticast a message to a subset of the current worldwide peer group, anda subgroup may be formed especially for this purpose. In one embodiment,the multicast may be done without the formation of a new peer group. Inone embodiment, all messages may carry a special scope field, which mayindicate the scope for which the message is intended. Any peer whoreceives this message may propagate the message based on the scopeindicator. In one embodiment, using this approach, a sending peer may bebootstrapped with some well-defined scopes, and may have the ability todiscover additional scopes.

[0436] Peer groups may also be formed based upon the proximity of themember peers. Proximity-based peer groups may serve to subdivide thenetwork into abstract regions. Regions may serve as a placeholder forgeneral communication and security configurations that deal withexisting networking infrastructure, communication scopes and securityrequirements. Peer groups may provide a scoping mechanism to reducetraffic overload.

[0437] Peer groups may provide a secure cooperative environment. Peergroup boundaries permit member peers to access and publish protectedcontents. Peer groups form virtual secure regions which boundaries limitaccess to the peer group resources. Secure services may be provided topeers within a secured peer group. Their boundaries may or may notreflect any underlying physical network boundaries such as those imposedby routers and firewalls. The concept of a region may virtualize thenotion of routers and firewalls, subdividing the network into secureregions in a self-organizing fashion without respect to actual physicalnetwork boundaries.

[0438] Peer groups may also create a monitoring environment. Peer groupsmay permit peers to monitor a set of peers for any special purpose(heartbeat, traffic introspection, accountability, etc.). Peer groupsmay also provide a controlled and self-administered environment. Peergroups may provide a self-organized structure that is self-managed andthat may be locally managed.

[0439] In one embodiment, peer groups using the peer-to-peer platformmay provide capabilities to peers including one or more of, but notlimited to, finding nearby peers, finding named peers anywhere on thenetwork, finding named peer groups anywhere on the network, joining andresigning from a peer group, establishing pipes between peer groupmembers, and finding and exchanging shared content.

[0440] Content

[0441] Peers may be grouped into peer groups to share content. A contentis published and shared among the peer members of a peer group. In oneembodiment, content may be shared among group members, but not betweengroups. In this embodiment, no single item of content may belong to morethan one group. If the same content is published in two different peergroups, two different contents may be created. In one embodiment, acontent item may be published to make the item's existence known andavailable to group members using advertisements.

[0442] An instance of content is a copy of a content. Each content copymay be replicated on different peers in the peer group. In oneembodiment, each copy may have the same content identifier as well as asimilar value. Replicating contents within a peer group may help anysingle item of content be more available. For example, if an item hastwo instances residing on two different peers, only one of the peersneeds to be alive and respond to the content request. In one embodiment,the peer-to-peer platform protocols do not specify how or when contentsare replicated. In one embodiment, whether and how to copy an item ofcontent may be a policy decision that may be encapsulated inhigher-level applications and services, for example a content managementservice.

[0443] A content may be any computer content (e.g. code, data,applications, active content such as services, or other collection ofcomputer-representable resources). Examples of content include, but arenot limited to, a text file, a structured document (e.g. a PDF or a XMLfile), a Java “.jar” or loadable library, code or even an executableprocess (checkpointed state). No size limitation is assumed. Eachcontent instance may reside on a different peer in the peer group. Theinstances may differ in their encoding type. HTML, XML and WML areexamples of encoding types. Each instance may have the same contentidentifier as well as a similar set of elements and attributes, and mayeven exist on the same peer. An encoding metadata element may be used todifferentiate instances of content. Making new instances of content ondifferent peers may help any single item of content be more available.For example, if an item has two instances residing on two differentpeers, only one of the peers needs to be alive and respond to thecontent request.

[0444] Items of content that represent a network service may be referredto as active content. These items may have additional coreelements.beyond the basic elements used for identification andadvertisement. In one embodiment, active content items may be recognizedby Multi-Purpose Internet Mail Extensions (MIME) content type andsubtype. In one embodiment, all peer-to-peer platform active contentsmay have the same type. In one embodiment, the subtype of an activecontent may be defined by network service providers and may be used toimply the additional core elements belonging to active contentdocuments. In one embodiment, the peer-to-peer platform may givelatitude to service providers in this regard, yielding many serviceimplementation possibilities.

[0445] In one embodiment, each item of content may have a uniquecanonical name. FIG. 3 illustrates an exemplary canonical content name(which may be referred to as a content identifier or content identifier)according to one embodiment. The unique identifier may include a peergroup universal unique identifier (UUID) 170, and may include anothername 174 that may be computed, parsed, and maintained by peer groupmembers. In one embodiment, the UUID may be a 128-bit field. In oneembodiment, the name may be a byte array. In one embodiment, theparticular name implementation within a peer group is not mandated bythe peer-to-peer platform. The name may be, for example, a hash code, aURI, a URN, or a name generated by any suitable means of uniquelyidentifying content within a peer group. In one embodiment, a length ofremainder field 172 may specify the length of the name field 174 forthis content in this particular implementation.

[0446] In one embodiment, once a content item has been published to thepeer-to-peer network, it may not be assumed that that the content can belater retrieved from the network. The content may be only available frompeers that are not currently reachable or not currently part of thenetwork. In one embodiment, once a content item has been published tothe peer-to-peer network, it may not be assumed that the content can bedeleted. Replication/republication of content by peers on the networkmay be unrestricted and the content may propagate to peers that are notreachable from the publishing peer.

[0447] Pipes

[0448] Pipes may provide the primary channels for communication amongpeers and are a mechanism for establishing communication between peers.Pipes may be used as communication channels for sending and receivingmessages between services. or applications over peer endpoints. Peerendpoints correspond to the available peer network interfaces that canbe used to send and receive data from another peer. Pipes may connectpeers that have a direct physical link and peers that do not have adirect physical link. In the latter case, one or more intermediary peerendpoints may be used to route messages between the two pipe endpoints.A pipe instance is, logically speaking, a resource within a peer group.The actual implementation of a pipe instance is typically through a pipeservice. In one embodiment, at each endpoint, software to send, orreceive, as well as to manage optional associated pipe message queues isassumed, but not mandated.

[0449] In one embodiment, pipes are a mechanism for interacting withservices on the peer-to-peer network. Rather than assuming a specificnaming system such as DNS or a specific network addressing system suchas IP, the peer-to-peer platform may abstract these concepts via severalmechanisms. Pipes provide a virtual abstraction of the network serviceusing a pipe identifier that is bound to a peer identifier via a pipeadvertisement, which in turn is bound to an endpoint address via a peeradvertisement and an endpoint advertisement. Pipes can thus be movedfrom one peer to another providing flexibility in the way a service isdeployed and consumed. The location of a machine (node) on the networkis abstracted via the concept of the peer that binds to an endpoint.This provides support for dynamic movement of endpoint addresses for aspecific peer.

[0450] In one embodiment, pipes are implemented as a service on a peer.In one embodiment, in order for a peer to send a message to anotherpeer's pipe, both peers must be part of the same peer group. This allowsgroups of peers to potentially implement different kinds of pipes,allowing for a flexible approach to communication.

[0451] In one embodiment, to connect to a pipe, a peer may send adiscovery request for a pipe advertisement containing specific keywords.The peer may then receive the requested pipe advertisement. The peer maythen send a pipe resolver request for a peer matching the pipeidentifier and may then receive the peer advertisement, for example froma pipe service that handles the request. The peer may then send datadown the pipe, for example using a URL addressing scheme.

[0452] In one embodiment, pipes in the peer-to-peer platform may beasynchronous, unidirectional, stateless and unreliable to provide thelowest overhead. In one embodiment, pipes may be unidirectional, andthus there may be input pipes and output pipes. Asynchronous pipes mayenable developers to build large-scale interconnected distributedservices and applications. In one embodiment, pipes may beindiscriminate, and may thus support binary code, data strings, Javatechnology-based objects, and/or applets, among others. In oneembodiment, the peer-to-peer platform may not define how the internalsof a pipe work. Any number of unicast and multicast protocols andalgorithms, and combinations thereof, may be used. In one embodiment,one pipe may be chained together with each section of the chain using adifferent transport protocol.

[0453] The pipe endpoints may be referred to as input pipes (receivingend) and output pipes (sending end). Pipes may provide the illusion of a“virtual” in and out mailbox that is independent of any single peerlocation and network topology (e.g. multi-hops route). Services andapplications may communicate through pipes without knowing on whichphysical peer a pipe endpoint is bound. When a message is sent into apipe, the message is sent to all peer endpoints currently connected(listening) to the pipe. The set of currently connected pipe endpoints(input pipes) may be obtained using the pipe binding protocol.

[0454] Unlike conventional mechanisms, peer-to-peer platform pipes mayhave ends that may be moved around and bound to different peers atdifferent times, or not connected at all. In one embodiment, pipes maybe virtual, in that a pipe's endpoint may be bound to one or more peerendpoints. In one embodiment, pipe endpoints may be non-localized to aphysical peer, and may be dynamically bound at creation time or runtimevia the pipe binding protocol. The pipe binding process may includediscovering and connecting the two or more endpoints of a pipe.

[0455] Using pipes, developers may build highly available services wherepipe connections may be established independently of a peer location.This dynamic binding of pipes helps to provide redundant implementationof services over a peer-to-peer network. A peer may logically “pick up”a pipe at any point in time. For example, a peer that wants to use aspell checker service man connect to a peer group's spell checker pipethat is implemented as a redundant peer group service. The peer may beserviced as long as there is at least one single instance of a spellchecker service still running somewhere within the peer group. Thus,using pipes as described herein, a collection of peers together mayprovide a high level of fault tolerance, where a new peer at a differentlocation may replace a crashed peer, with the new peer taking over theexisting pipe to keep the communication going.

[0456] In one embodiment, enhanced pipes with additional properties suchas reliability, security, and quality of service may be supported. Inembodiments where the peer-to-peer platform runs on top of transportsthat have such properties, an implementation may optimize and utilizethe transports. For example, when two peers communicate with each otherand both have TCP/IP support, then an implementation may use thebidirectional capabilities of TCP/IP to create bidirectional pipes.Other data transfer methods that may be implemented by pipes as providedat the service layer to provide different quality of service include,but are not limited to: synchronous request-response (the endpoint sendsa message, and receives a correlated answer), streaming (efficientcontrol-flow data transfer), bulk transfer (bulk reliable data transferof binary data), and secure (secure reliable data streams).

[0457] Pipes may offer several modes of communication. FIG. 4illustrates a point-topoint pipe connection between peers 200C and 200Daccording to one embodiment. In one embodiment, a point-to-point pipeconnects exactly two peer endpoints together, an input pipe 202A thatreceives messages sent from an output pipe 204A. The pipe appears as anoutput pipe to the sender and as an input pipe to the receiver, withtraffic going in one direction only—from the sender to the receiver. Inone embodiment, no reply or acknowledgement operation is supported. Inone embodiment, additional information in the message payload (forexample, a unique identifier) may be required to thread messagesequences. The message payload may also contain a pipe advertisementthat can be used to open a pipe to reply to the sender (send/response).

[0458]FIG. 4 also illustrates a propagate pipe with peer 200A as apropagation source and peers 200B and 200C with listening input pipesaccording to one embodiment. A propagate pipe may connect two or morepeer endpoints together, from one output pipe 204B to one or more inputpipes (e.g. 202B and 202C). The result is that any message sent into theoutput pipe is sent to all input pipes. Messages flow into the inputpipes from the output pipe (propagation source). A propagate message maybe sent to all listening input pipes. This process may create multiplecopies of the message to be sent. On transports that provide multicast(e.g. TCP/IP), when the propagate scope maps to underlying physicalsubnets in a one-to-one fashion, transport multicast be may used as animplementation for propagate. Propagate may be implemented usingpoint-to-point communication on transports that do not provide multicastsuch as HTTP.

[0459] Messages

[0460] In one embodiment, the peer-to-peer platform may use asynchronousmessages as a basis for providing Internet-scalable peer-to-peercommunication. The information transmitted using pipes may be packagedas messages. Messages define an envelope to transfer any kinds of data.A message may contain an arbitrary number of named subsections that mayhold any form of data. In one embodiment, the messages may be in amarkup language. In one embodiment, the markup language is XML. Eachpeer's messaging layer may deliver an ordered sequence of bytes from thepeer to another peer. The messaging layer may send information as asequence of bytes in one atomic message unit. In one embodiment,messages may be sent between peer endpoints. In one embodiment, anendpoint may be defined as a logical destination (e.g. embodied as aURN) on any networking transport capable of sending and receivingDatagram-style messages. Endpoints are typically mapped into physicaladdresses by the messaging layer at runtime.

[0461] In one embodiment, a message is a set of named and typed contentscalled elements. Thus, a message may be a set of name/value pairs. Thecontent may be of arbitrary types. Core services may send advertisementsas message element content.

[0462] As a message passes down a protocol stack (applications,services, endpoint and transports), each level may add one or more namedelements to the message. As a message is passed back up the stack on thereceiving peer, the protocol handlers may remove those elements. In oneembodiment, a message is an ordered sequence of message elements. In oneembodiment, the most recently added element appears at the end of themessage.

[0463] In one embodiment, a message element may include one or more of,but is not limited to, a namespace, a name (which may be optional), atype (which may be optional), a signature or digest (which may beoptional), and content. In one embodiment, every message element may beassigned to a namespace. Namespaces may be used to organize elementsused by different message users and transports within the same message.In one embodiment, two namespaces names are considered equivalent iftheir representation is byte-for-byte identical.

[0464] In one embodiment, one or more message element namespaces may bepredefined and reserved for user applications and services; peer-to-peerplatform protocols and/or services may not use or modify elements inthese reserved namespace. In one embodiment, one or more namespaces maybe reserved for internal use by the peer-to-peer platform protocols andservices. In this embodiment, applications preferably do not create,manipulate or assume the interpretation of any of the content ofelements in these namespaces. In some bindings, applications may beforbidden from accessing or creating elements in these namespaces. Inone embodiment, use of namespaces by services and applications may beoptional. In one embodiment, namespaces may not require formalregistration as the protocols used need only be agreed upon by theparticipants.

[0465] In one embodiment, message elements may have an optional name.Elements in the same message may have the same name.

[0466] In one embodiment, a type may be specified as a MIME type. Thetype may be used by the applications and services that process theelement. In one embodiment, there may be no restriction on the set ofMIME types that can be used by applications and services. In oneembodiment, the type of the element may be examined by a peer-to-peerplatform transport to determine how to format the message element toensure the most efficient transfer. In one embodiment, if a type is notspecified for an element, an application stream may be assumed.

[0467] In one embodiment, the contents of the element data may be opaqueto except to the applications and services which use these elements.

[0468] In one embodiment, a message may be a Datagram that may includean envelope and a stack of protocol headers with bodies and an optionaltrailer. The envelope may include, but is not limited to, a header, amessage digest, (optionally) the source endpoint, and the destinationendpoint. In one embodiment, each protocol header may include, but isnot limited to, a tag naming the protocol in use and a body length. Eachprotocol body may be a variable length amount of bytes that is protocoltag dependent. Each protocol body may include, but is not limited to,one or more credentials used to identify the sender to the receiver. Inone embodiment, such a message format may support multiple transportstandards. In one embodiment, an optional trailer may include traces andaccounting information.

[0469] The messaging layer may use the transport specified by the URN tosend and receive messages. In one embodiment, both reliableconnection-based transports such as TCP/IP and unreliable connectionlesstransports like UDP/IP may be supported. Other existing messagetransports such as IrDA, and emerging transports like Bluetooth may besupported using the peer endpoint addressing scheme. In one embodiment,peer-to-peer platform messages may be useable on top of asynchronous,unreliable, and unidirectional transport. In one embodiment, thepeer-to-peer platform protocols may use a low-level message transportlayer (e.g. XML) as a basis for providing Internet-scalable peer-to-peercommunication. In one embodiment, the peer-to-peer platform may notassume that the networking transport is IP-based.

[0470] The message digest in the envelope may be used to guarantee thedata integrity of messages. Messages may also be encrypted and signedfor confidentiality and refutability. In one embodiment, each protocolbody may include one or more credentials used to identify the sender tothe receiver. A credential is a key that, when presented in a messagebody, may be used to identify a sender and to verify that sender's rightto send the message to the specified endpoint. In one embodiment, thecredential may be an opaque token that may be presented each time amessage is sent. In one embodiment, the sending address placed in themessage envelope may be crosschecked with the sender's identity in thecredential. Credentials may be stored in the message body on aper-protocol <tag> basis. In one embodiment, the exact format andcontent of the credentials are not specified by the peer-to-peerplatform. For example, a credential may be a signature that providesproof of message integrity-and/or origin. As another example, a messagebody may be encrypted, with the credential providing further informationon how to decrypt the content. In one embodiment, each credential'simplementation may be specified as a plug-in configuration, which mayallow multiple authentication configurations to coexist on the samenetwork.

[0471] When an unreliable networking transport is used, each message maybe delivered more than once to the same destination or may not arrive atthe destination. Two or more messages may arrive in a different orderthan sent. In one embodiment, high-level communication services layeredupon the core protocols may perform message re-ordering, duplicatemessage removal, and processing acknowledgement messages that indicatesome previously sent message actually arrived at a peer. Regardless oftransport, messages may be unicast (point to point) between two peers ormay be propagated (like a multicast) to a peer group. In one embodiment,no multicast support in the underlying transport is required. In oneembodiment, peers receiving a corrupted or compromised message maydiscard the message. Messages may be corrupted or intentionally alteredin transmission on the network.

[0472] In one embodiment, the peer-to-peer platform may not mandate howmessages are propagated. For example, when a peer sends out a peerdiscovery message, the peer discovery protocol may not dictate if themessage should be confined to the local area network only, or if it mustbe propagated to every corner of the world.

[0473] In one embodiment, the peer-to-peer platform messages 252 may bedefined with the envelope 250 as illustrated in FIG. 5. In oneembodiment, the messages are defined in a markup language. In oneembodiment, the markup language is XML. The following is an exemplarymessage in XML: <SampleMessage>   <SampleMessageVersion> version number“1.0”   </SampleMessageVersion>   <SampleMessageDest> destination peeridentifier   </SampleMessageDest>   <SampleMessageSrc> source peeridentifier </SampleMessageSrc>   <SampleMessageDigest> digest</SampleMessageDigest>   <SampleMessageTagName> tag</SampleMessageTagName>   <SampleMessageTagData> body</SampleMessageTagData>     ............. <SampleMessageTagName> tag</SampleMessageTagName>   <SampleMessageTagData> body</SampleMessageTagData>   <SampleMessageTrailer> String</SampleMessageTrailer > </SampleMessage>

[0474] The version number may be a string. The destination and sourcepeer identifier may be represented as peer-to-peer platform identifiers(UUIDs). In one embodiment, the digest is either an MD5 or SHA1 hash ora digital signature. The digest may serve as a placeholder for either. Amessage may have as many tag parts as needed. In one embodiment, the tagname may be a string and the body may be a byte array containing astring without XML escape characters (“<”, “>”) or a base64 encodedstring.

[0475] In one embodiment, the message format may support binary dataand/or multi-part messages with MIME-types. The message format may allowfor arbitrary message header fields, including optional header fields.The message format may allow for data verification of message contentand the cryptographic signing of messages. The message format mayprovide an arbitrary number of named subsections that may contain anyform of data of any (reasonable) size. The message format may be“email-safe” such that its contents may be extracted reliably afterstandard textual transformations committed my E-mail client and serversoftware.

[0476] Software Modules

[0477] In a peer-to-peer network, one embodiment of a peer-to-peerplatform may use a mechanism for abstract identity and definition ofsoftware modules (e.g. services, applications, etc.) to provideinformation about the programming interface and functionality of thesoftware modules independently of protocols and behaviors that may beused to implement the software modules. Further, software modules in apeer-to-peer network may provide one or more implementations of a givenfunctionality, using various protocols and behaviors, while retaining acommon programming interface. The software modules may also provide oneor more different network-compatible implementations for differentexecution environments.

[0478] Embodiments may use identifiers (e.g., UUIDs) and advertisementsas described herein to describe and identify software modules, such asservices and applications, in a hierarchical manner. In one embodiment,a software module may be described in a module class advertisement andgiven a module class identifier. If that software module is used fordifferent purposes in the same context, the software module may befurther identified by an extension to its module class identifierreferred to as a role identifier. Each independent embodiment of thesoftware module that provides an independent set of network protocolsand behaviors may be assigned a module specification identifier.

[0479] In one embodiment, all implementations of all embodiments of agiven module class for a given execution environment may have the sameprogramming interface. Therefore, software modules interacting locallymay express their dependencies via their respective class identifiers(including the role extension), regardless of the particular executionenvironment and embodiment that was selected when configuring thatenvironment.

[0480] In one embodiment, a software module may be assigned a moduleclass identifier. Each independent embodiment of the software modulethat provides an independent set of network protocols and behaviors maybe described by a module specification advertisement and assigned amodule specification identifier. In one embodiment, a modulespecification identifier may be an extension of the identifier of themodule class of which the module specification is an embodiment. In oneembodiment, each implementation of each module specification may bedescribed by a module implementation advertisement that may include oneor more of, but is not limited to, the following information: a modulespecification identifier, an execution environment description, and areference to a software environment (e.g. a software package whichimplements the module specification for the execution environment).

[0481] To abstract software modules in peer-to-peer networkingenvironments, embodiments may use a tiered architecture to definemodules (e.g. services, advertisements, etc.) in a peer-to-peerenvironment. FIG. 31 illustrates this tiered architecture according toone embodiment. A first level of the tier may include one or more moduleclasses 1000. In one embodiment as illustrated in FIG. 31, each moduleclass 1000 may have one module specification 1002. A modulespecification 1002 may have one or more module implementations 1004.FIG. 32 illustrates the tiered architecture according to anotherembodiment. In this embodiment, each module class 1000 may have one ormore module specifications 1002. Each module specification 1002 may haveone or more module implementations 1004.

[0482] In one embodiment, the module class 1000 may include and/ordefine one or more of, but is not limited to, the “role” a module plays(e.g., in a peer group), how the module appears to other modules (e.g.,services and applications), plus the module's API in each supportedbinding. In one embodiment, the module specification 1002 may includeand/or define one or more of, but is not limited to, the module'sbehavior as it appears from the outside (e.g. from other modules),including the module's wire protocol and the module's compatibility withother instances of the same module, for example on other peers. In oneembodiment, the module implementation(s) 1004 may include one or moreimplementations of each module specification 1002, with each moduleimplementation being specific for one or more of various executionenvironments, bindings and other constraints. Each of these aspects of amodule may be published separately in advertisements.

[0483] To access a software module, a peer (or other entity such asanother software module (e.g. service, application, etc.)) may use adiscovery process such as that described herein for the peer-to-peerplatform to discover a module implementation advertisement correspondingto the execution environment of the peer. In one embodiment, thediscovery process may search for and discover peer specificationadvertisements that meet the specification requirements of the peer, anduse the one or more discovered peer specification advertisements tolocate a particular peer implementation advertisement for a moduleimplementation suitable for use in the peer's execution environment.

[0484] The layers of advertisements (module class, module specification,and module implementation) may be used to abstract the software modules(e.g. services) and platforms, to locate specifications for desiredsoftware modules, to locate implementations of the software modules, andto load and run the software modules.

[0485] Embodiments may provide a mechanism to identify a particularsoftware module (e.g. a service) and its behavior. In one embodiment, asoftware module such as a service may be described with a modulespecification identifier. The module specification advertisementdescribes the software module, e.g. the behavior of the software module.In one embodiment, no matter what platform a user (or other entity suchas another software module) is on, the user or other entity may locate(e.g. by a discovery process) a particular implementation of thesoftware module for the particular platform and be able to use thesoftware module. The module implementation advertisements may describeimplementations of the software module (which may be identified by amodule specification identifier, included in the module implementationadvertisements and the module specification advertisement) for differentplatforms, e.g. Windows, Unix and Solaris platforms.

[0486] As an example, a user or other entity may be able to locate anduse a particular implementation of a printing service for use with theplatform the user or other entity is on. In one embodiment, the user orother entity may first search for and locate a specification for thesoftware module, and once that is located the user or other entity maylook for a particular implementation of the software module usable onthe user or other entity's platform, load the implementation of thesoftware module according to the advertisements for use on the platform,and run the software module.

[0487] The layers of advertisements may also serve to separate thespecification from the implementation. This may reduce the size of themodule implementation advertisements, as the advertisements do not needto include the full specification for the software module but insteadmay refer back to the specification advertisement via the modulespecification identifier. This may allow software modules to beinitially located by specification for a particular class offunctionality, rather than having to search through many implementationadvertisements of software modules to find a desired implementation of aspecification, preferably making the discovery process simpler.

[0488] In one embodiment, after locating a desired module implementationadvertisement, using a PURI (Package Uniform Resource Identifier,described below) of the module implementation advertisement, on a Javaplatform, a URI or URL to the actual code of the software module may bespecified. On other platforms such as Unix and Linux, a file locationmay be specified by URL, URI, or other mechanisms. The code may bedownloaded, referenced on disk, or referenced by the URI or othermechanism. The SURI (Specification URI, described below) of the modulespecification advertisement may function similarly to retrieve adocument containing the module specification

[0489] Services

[0490] Peers may cooperate and communicate to publish, discover andinvoke network services. A service denotes a set of functions that aprovider offers. In one embodiment, a peer-to-peer platform peer canoffer a service by itself or in cooperation with other peers. In oneembodiment, a peer may publicize a service by publishing a serviceadvertisement for the service. Other peers may then discover the serviceusing the peer discovery protocol (through the advertisement) and makeuse of it. A peer may publish as many services as it can provide.

[0491] In one embodiment, services may either be pre-installed into apeer or loaded from the network. The process of finding, downloading andinstalling a service from the network may include performing a search onthe network for the service, retrieving the service, and then installingthe service. Once a service is installed and activated, pipes may beused to communicate with the service. In one embodiment, peer-to-peerplatform-enabled services may publish pipe advertisements as their maininvocation mechanism. The service advertisement may specify one or morepipe advertisements that may be used by a peer to create output pipes toinvoke the service. The service advertisement may also include a list ofpredetermined messages that may be sent by a peer to interact with theservice. The service advertisement may describe all messages that aclient may send or receive.

[0492] Several methods may be provided by various embodiments to publisha service. Services may be published before creating a new peer group byadding the service advertisement to the peer group advertisement.Services may also be published by adding the services in a separate peerservice advertisement. The discovery service may also allow newadvertisements to be added at runtime. The new advertisement will belongto a predefined peer group. Other methods of publishing services may beprovided. Note that service advertisements may be placed in the peergroup advertisement of any group. Since all peers belong to the globalpeer group, a peer may publish the service in the global peer groupadvertisement to make it available to any peer.

[0493] In one embodiment, services advertised in a peer groupadvertisement may be instantiated for a peer when the peer joins thegroup. In one embodiment, all the services are instantiated. In anotherembodiment, none, one, or more of the advertised services may beinstantiated when the peer joins the peer group. Service advertisementsin the peer group advertisement may include resolver, discovery,membership, peer information and pipe service advertisements. In oneembodiment, services advertised in a peer group advertisement are loadedon the peer when the peer boots. In one embodiment, this automatedloading is not mandatory but is part of the Java Binding. One embodimentmay provide a mechanism to force a service in a peer group advertisementto be instantiated by a peer.

[0494] In one embodiment, when a peer boots, any services advertised inthe peer advertisement are loaded. The peer advertisement corresponds tothe platform advertisement. These services may include the minimal setof services to bootstrap the creation of new peers: discovery service,membership service, resolver service, peer information service and pipeservice.

[0495] In one embodiment, when a peer switches from one peer group toanother, the first group's services remain active. In one embodiment, apeer may call a stop method on the service application interface to stopan instance of a local service. A peer that is a member of one peergroup that refers to a service may join a second peer group that alsorefers to the service while still a member of the first. Whether theservice is instantiated once or twice may depend on the serviceimplementation. Some service implementations may use a staticinstantiation that is done once. In this case, all groups share the sameinstance. Other service implementations are local to a peer group andare not aware of the state of any other peer groups on the same node.

[0496] In one embodiment, services may use a “time to live” indicatorthat defines when the service was created, and may also define thelifetime of the service. After its lifetime has expired, the staleservice may be purged.

[0497] A service may be well-defined and widely available so that a peercan use it directly. Other services may require special code to accessthe service. For example, the way to interface with the service providermay be encoded in a piece of software. In this example, it may bedesirable for the peer to be able to locate an implementation that issuitable for the peer's specific runtime environment. In one embodiment,if multiple implementations of the same service are available, thenpeers hosted on Java runtimes can use Java programming languageimplementations while native peers to use native code implementations.In one embodiment, service implementations may be pre-installed into apeer node or loaded from the network. In one embodiment, once a serviceis installed and activated, pipes may be used to communicate with theservice.

[0498] In one embodiment, each service may have a unique identifier. Inone embodiment, a service may have a name that may include a canonicalname string that may indicate the type and/or purpose of the service. Aservice may also provide optional information (e.g. a set of descriptivekeywords) that further describes the service. The unique identifier,name and optional information may be stored within a serviceadvertisement. The advertisement may also include other informationneeded to configure and instantiate a service.

[0499] In one embodiment, the peer-to-peer platform may recognize twolevels of services, peer services and peer group services. A servicethat executes only on a single peer may be referred to as a peerservice. A peer service is accessible only on the peer that ispublishing the service. If that peer happens to fail, then service alsofails. This level of service reliability may be acceptable for anembedded device, for example, providing a calendar and email client to asingle user. Multiple instances of the service may be run on differentpeers, but each instance publishes its own advertisement. A service thatis composed of a collection of cooperating instances (potentiallycooperating with each other) of the service running on multiple peers ina peer group may be referred to as a peer group service. A peer groupservice may employ fault tolerance algorithms to provide the service ata higher level of availability than that a peer service can offer. Ifany one peer fails, the collective peer group service may not beaffected, because the service may still be available from at least oneother peer member. Peer group services may be published as part of thepeer group advertisement.

[0500] In one embodiment, the peer-to-peer platform may include a set ofdefault peer group services such as peer discovery, as well as a set ofconfigurable services such as routing. In one embodiment, a peer-to-peerplatform peer may not be required to have one or all of these services.For example, a cell phone peer may be pre-configured with enoughinformation to contact a fixed server provided by the telecom operator.This may be enough to bootstrap the cell phone peer without requiring itto independently carry with it additional services.

[0501] In one embodiment, although the concept of a service isorthogonal to that of a peer and a peer group, a peer group formed usingthe peer-to-peer platform may require a minimum set of services neededto support the operation of the group. Some services may be well knownand may be referred to as peer-to-peer platform core services.Embodiments of the peer-to-peer platform may define a set of core peergroup services that may be used to form and support peer groups. In oneembodiment, the core peer group services may provide the minimumservices required to form a peer group (e.g. membership and discoveryservices). In one embodiment, the peer-to-peer platform core servicesmay be 100% decentralized and thus may enable pure peer-to-peer networkcomputing. In one embodiment, it is not required that all core servicesbe implemented by every peer group.

[0502] In one embodiment, the peer-to-peer platform may define peergroup core services including, but not limited to, a discovery service,a membership service, an access service, a pipe service, a resolverservice and a monitoring service. A discovery service may be used tosearch for peer group resources such as peers, peer groups, and pipes.The search criteria may include a resource name. Discovery and discoveryservices are described more fully later in this document.

[0503] In one embodiment, most peer groups will have at least amembership service. Current peer group members may use the membershipservice during the login process to reject or accept a new peer groupmembership application. The membership service may be a “null”authenticator service that imposes no real membership policy. Peerswishing to join a peer group first locate a current member, and thenrequest to join. The application to join may be either rejected oraccepted by the collective set of current members. The membershipservice may enforce a vote of peers or alternatively elect a designatedgroup representative to accept or reject new membership applications.

[0504] An access service may be used to validate, distribute, andauthenticate a group member's credentials. The access service may definethe type of credential used in the message-based protocols used withinthe peer group. The access service may be used to validate requests madeby one peer to another. The peer receiving the request provides therequesting peer's credentials and information about the request beingmade to the access service to determine if the access is permitted. Inone embodiment, not all actions within the peer group need to be checkedwith the access service, only those actions which only some peers arepermitted to use.

[0505] A pipe service may be used to establish and manage pipeconnections between the different peer group members. A resolver servicemay be used to send query string to peers to find information about apeer, a peer group, a service or a pipe. A monitoring service is used toallow one peer to monitor other members of the same peer group.

[0506] In on embodiment, not all the above services are required to beimplemented by a peer group. Each service may implement one or more ofthe peer-to-peer platform protocols. In one embodiment, a service mayimplement at least one protocol for simplicity and modularity reasons,but some services may not implement any protocols.

[0507] Other services may be user-defined and provide applicationdependent services such as content searching and indexing. Auser-defined service may provide additional APIs. User-defined servicesmay be implemented that may offer the ability to mix-in centralizationas a means of increasing performance. In one embodiment, thepeer-to-peer platform core services may provide a referenceimplementation for user-defined services. Examples of user definedservices may include, but are not limited to:

[0508] Efficient long-distance peer lookup and rendezvous using a peernaming and discovery service.

[0509] Simple, low-cost information search and indexing using a contentsharing service.

[0510] Interoperability with existing centralized networkinginfrastructure and security authorities in corporate, public, private,or university networks using administration services.

[0511] A resolver service may be implemented to find active (running onsome peer) and inactive (not yet running) service instances.

[0512] An FTP service that allows file transfers among peers over pipesusing FTP.

[0513] Network Services

[0514] Embodiments of the mechanism for abstract identity and definitionof software modules in peer-to-peer networking environments may be usedin implementing network services. A network service may be considered asone type of software module that may be abstracted using the mechanism.Software modules may also include applications, among other types.

[0515] In one embodiment, peers may cooperate and communicate topublish, discover and invoke network services. In one embodiment, peersmay discover network services via the peer discovery protocol of theexemplary peer-to-peer platform described herein. In one embodiment,network services may include peer services and peer group services. Apeer service may be accessible only on the peer that is publishing theservice. If that peer happens to fail, then the service also fails.Multiple instances of the service may be run on different peers, buteach instance publishes its own advertisement. A peer group service iscomposed of a collection of instances (potentially cooperating with eachother) of the service running on multiple members of the peer group. Ifany one peer fails, the collective peer group service may not beaffected, because the service may still be available from another peermember. Peer group services may be published as part of the peer groupadvertisement.

[0516] In one embodiment, services may be pre-installed into a peer orloaded from the network. The peer may follow a process of finding,downloading and installing a service from the network. To run a service,a peer may have to locate an implementation of the service (i.e. amodule implementation) suitable for the peer's runtime environment.Multiple implementations of the same service may allow, for example,Java peers to use Java code implementations, and native peers to usenative code implementations.

[0517] In one embodiment, the peer-to-peer platform may be designed tointeroperate and be compatible with various Web service standardsincluding one or more of, but not limited to, WSDL, uPnP, RMI, etc. Thepeer-to-peer platform protocols may define a generic framework topublish and discover advertisements that may describe services. In oneembodiment, peers may publish and discover advertisements via the peerdiscovery protocol. In one embodiment, an advertisement for a servicemay include necessary information to either invoke or instantiate theservice being described. In one embodiment, one or more peer-to-peerplatform protocols may define module advertisements to describeservices.

[0518] In one embodiment, peer-to-peer platform-enabled services areservices that are published using module specification advertisements.In one embodiment, a module specification advertisement may specify apipe advertisement that may be used by a peer to create output pipes toinvoke the service. In one embodiment, a module specificationadvertisement may include a list of pre-determined messages that may besent by a peer to interact with the service. In one embodiment, a modulespecification advertisement may include references to one or more otherservices that may be used as an authenticator for the service and/or asa local proxy for the service. In one embodiment, each service may beuniquely identified by its module specification identifier.

[0519] In one embodiment, a service may have several aspects including,but not limited to:

[0520] The “role” the service plays in the group; how the serviceappears to other services and applications, plus the service's API ineach supported binding. This may be referred to as the service class(i.e. the module class).

[0521] The service's apparent behavior from the outside, including, butnot limited to, wire protocol, and compatibility with the same serviceon other peers. In other words, a central definition of a service, orthe service's specification. This may be referred to as the servicespecification (i.e. the module specification).

[0522] One or more implementations of the specification for variousexecution environments, bindings and other constraints. These may bereferred to as the service implementations (i.e. moduleimplementations).

[0523] Each of these aspects of a service may be published separately,e.g. by the module advertisements described above. In one embodiment,there may be more specifications than classes and more implementationsthan specifications. In many cases, only the implementation is needed,for example, when instantiating a group that uses the service(s). Thelayered arrangement of class/specification(s)/implementation(s) may helpsave storage space by not requiring that information be duplicated inall implementation advertisements, and may help to prevent thedownloading of unneeded data. If this information was duplicated in allimplementation advertisements, not only would it occupy more storagespace than needed, but it also may cause the downloading of unneededdata.

[0524] Service specifications may be assigned a unique identifier at thetime the advertisement is published. Service implementations may usethis identifier to denote which service specification they implement.Service classes may be assigned a unique identifier when the class'sadvertisement is first published.

[0525] In one embodiment, service specifications may use identicalimplementations; therefore, service specification advertisements mayinclude a “free form” parameter section that includes one or moreparameters that may be used to control behavior. In one embodiment,service implementations may use identical code; therefore, serviceimplementation advertisements may include a “free form” parametersection that includes one or more implementation-dependent parameters.

[0526] In one embodiment, services may refer to each other (such as whenobtaining the interface of another service from the group) by theirclass identifier.

[0527] In one embodiment, the same service specification may be used toperform more than one role in a group. For example, consider twoinstances of the same data base service with two completely differentdata set and purposes. To support this, it service class identifiers maybe extended with a “role” suffix. In this embodiment, service classidentifiers without a role suffix may accept a null role suffix as avalid role suffix. Thus, service class identifiers may be “roled,” andif “roleing” is never needed, only a short service class identifier maybe needed.

[0528] In one embodiment, service specification identifiers may builtfrom the class identifier of the class that the service specificationimplements. In one embodiment, only the base class UUID may be includedso that service specification identifiers are unchanged by the additionof roles. This may be used, for example, to verify that a servicespecification does have the interface implied by the correspondingservice class, regardless of the role for which it is used.

[0529] In one embodiment, service implementation advertisements may listcompatibility requirements which may make them eligible to be loaded bya given group running in a given peer-to-peer platform implementation.

[0530] In one embodiment, groups, applications and endpoints may havesimilar constraints as services. For a group, the group specificationmay list the service specifications that this group supports. There maybe one or more implementations, depending on various executionconstraints. Endpoints and applications may function similarly oridentically to services (i.e. groups, applications and endpoints may beconsidered “modules” as are services). Therefore, the mechanismsdescribed above for services may also be used for groups, applicationsand endpoints.

[0531] In one embodiment, a peer group specification advertisement mayinclude indications of services, endpoints and initial applications ofthe peer group.

[0532] Similarly to how service implementations are correlated toservice specifications by a service specification identifier, a peergroup implementation may be correlated to a group specification by aunique identifier. This identifier may be referred to as a peer groupidentifier. A peer group specification may be a relatively largedocument. In one embodiment, since most of the peer group specificationmay only be needed if the group is to be instantiated, for publicizing agroup, a peer group specification advertisements including only a name,an identifier, and one or more keywords may be used to publish a peergroup. In one embodiment, to reduce the size of peer group specificationadvertisements, inheritance may be used between group definitions. Sincemost groups have a lot in common, a peer group specificationadvertisement may refer to another advertisement which may be common andtherefore cached. The above approaches to reducing the size of peergroup specification advertisements may be complementary.

[0533] In one embodiment, groups may load plug-in services according tothe group's implementation. In one embodiment, service descriptions maynot be required in a group advertisement. However, even if services arenot implemented via plug-ins, the existence of services may be aproperty of the group that is visible “on the wire.” Therefore, peergroup specification advertisements may list references to servicespecifications (e.g. the service specification identifier). In oneembodiment, it may be the responsibility of a group's implementation torealize the services listed in the peer group specificationadvertisement by loading a supported implementation for each service, byimplementing the service internally, or optionally using one or moreother mechanisms. In one embodiment, the service realizationmechanism(s) used is group implementation dependent.

[0534] In one embodiment, module (e.g. service) specificationadvertisements may not need to be downloaded in order to instantiate agroup unless one of the module (e.g. service) implementations needsparameters from the module (e.g. service) specification. In oneembodiment, module (e.g. service) specifications may be used by userswhen creating an implementation of the module (e.g. service).

[0535] In one embodiment, groups may need to uniquely identify each oftheir services, for example, to improve the robustness of demultiplexingservice-addressed messages. Since each service in a group belongs to aservice class, and no more than one service of each class may exist in agroup, the combination of the group identifier and the service classidentifier uniquely identify that service for service addressingpurposes.

[0536] In one embodiment, services may bind to and use each other. Inobtaining an interface to one of the other services, a service may usethe other service's class identifier to designate this other service.Services “know” each other by their role; and therefore they designateeach other by their class identifiers. For example, an implementation ofa discovery service may know that it needs a “Resolver.”

[0537] In one embodiment, for each service, a group advertisement maylist service specification identifiers for services of the group, sinceeach service specification identifier includes a corresponding serviceclass identifier. In one embodiment, to support roles, a groupadvertisement may optionally list an additional service class identifierfor each service. This identifier may differ from that embedded in thespecification identifier includes in that the former may have a rolesuffix and not the latter. In one embodiment, no two services may beassigned the same role in a given group.

[0538] In one embodiment, peer groups may have a variety ofspecifications, but may use a small number of implementations for thepeer group API itself. The specification of the peer group functionalityis the peer group specification advertisement, with its unique featuresand identifier. In one embodiment, to avoid publishing identical peergroup implementation advertisements (except for the servicespecification identifier of the group) for each group, roles may beused. Similar to services, groups may come in a small family of APIs andbehavior of the peer group class, and any number of roles for which theyare used (e.g. in the case of a group, various communities of users).Therefore, the “Role” model described for services may be extended togroups. There may be more than one class of group. Further, there may beRoles in these group classes. In one embodiment, the role identifier mayinclude the base class plus role suffix.

[0539] In one embodiment, a peer group specification advertisement mayhave two identifiers: the specification identifier that corresponds tothe particular group service specification that is being used and thefull class identifier (in one embodiment, including a role extension)that may be different for every group. In one embodiment, a servicespecification advertisement may include a class identifier in additionto a specification identifier, thereby specializing it for a given role(e.g. by changing parameters). In one embodiment, service specificationsmay be looked-up by their specification identifier, and servicespecifications may not be specialized for a role. In one embodiment,peer group specification advertisements may be looked-up byspecification identifier and role identifier. In one embodiment, notspecifying a role identifier when looking up a group may result in anerror, but may be used for browsing purposes.

[0540] In one embodiment, specifying a group may require one or more of,but may not be limited to:

[0541] Identifiers:

[0542] A peer group identifier: Identifies the community built aroundthat group. May be turned into a full class identifier when they becomedifferent from base class identifiers.

[0543] A peer group specification identifier: Equivalent to a servicespecification identifier. Identifies the behavior of the Peer Groupclass (in the programming sense) being used, not the community buildaround it:

[0544] Advertisements (may be optional or required):

[0545] Service class advertisement. In one embodiment, may be required.

[0546] Peer group specification advertisement: Name, identifier, thelist of all services, etc. May be inherited from another group. In oneembodiment, may be required.

[0547] Peer group implementation advertisement: one implementation ofthe code that drives the group. In one embodiment, may be cached andreused. In one embodiment, may be required.

[0548] Peer Group Advertisement: an abbreviated publicizing of thegroup. In one embodiment, may be optional.

[0549] In one embodiment, describing a service may require one or moreof, but may not be limited to:

[0550] Identifiers:

[0551] Service class identifier: denotes functionality and an expectedAPI per supported binding (e.g., pipe, resolver, discovery, etc.). Inone embodiment, if there is no role suffix (role==base class), this maybe fully embedded in a service specification identifier and thereforemay need to be repeated in the group advertisement.

[0552] Service specification identifier: denotes additional on-the-wirebehavior in providing a service defined by its class (e.g., platform'spipe, Intermittent Pipe, Reliable Pipe, etc.)

[0553] Advertisements:

[0554] Service class advertisement: describes a role and may describe aper-platform set of APIs does.

[0555] Service specification advertisement: describes a protocol andbehavior. In one embodiment, may be specialized for a role.

[0556] Service implementation advertisement: describes an implementationfor a given platform. In one embodiment, may be cached and reused.

[0557] In one embodiment, group identifiers may be constructed so thatthey are upward compatible with full class identifiers.

[0558] In one embodiment, there is one peer advertisement for each groupinstantiated on a peer. In one embodiment, a peer advertisement maydescribe only what is relevant to this group on this peer, in additionto describing the group. A peer advertisement may include one or moreof, but is not limited to, one or more parameters that are particular toone given peer for each service, a peer identifier, name and keywords.In one embodiment, a peer advertisement may include only what needs tobe published outside the peer, e.g. endpoint addresses, etc. In oneembodiment, items that affect only the local behavior or that are notspecified as being explicitly published (e.g. debug) may be left out ofthe peer advertisement and may go into an optional configurationdocument passed to the peer group object as an extra parameter. In oneembodiment, in both the configuration document and the peeradvertisement, variables may be related to services by the service classidentifier; each setting may be a <Setting> element, tagged with aservice class identifier. If there is no identifier, it means that thesetting applies to all services of this group.

[0559] The following is an example of a layout to list a service, and isnot intended to be limiting:

[0560] <Service>ServiceSpecID1</Service>

[0561] The following is another example of a layout to list a service,and is not intended to be limiting: <Service><ServiceSpecID>ServiceSpecID1</ServiceSpecID><ServiceClassID>ServiceClassID1</ServiceClassID><SomeFOtherAttribute>whatever</SomeOtherAttribute> </Service>

[0562] Similar layouts may be used for other modules such as endpoints,applications and/or groups.

[0563] In one embodiment, peer groups may be defined by servicespecification advertisements with the group identifier equivalent to therole identifier. In this embodiment, the peer group advertisement may bean abbreviated version of the service specification. In anotherembodiment, services may be listed in the implementation advertisementfor the group. In this embodiment, the implementation advertisement mayrefer to the peer group class used, with the parameter field listing theservices. The group identifier may exist only in the peer groupadvertisement, which is the root definition of the group. Using thisembodiment, there may be no need to obtain the specificationadvertisement of the group in order to instantiate it. This groupadvertisement includes the specification identifier of the group that ismatched by that specification identifier in associated implementationadvertisements, so that an implementation of the group may be acquireddirectly from the peer group advertisement without having to lookup thespecification.

[0564] In one embodiment, the implementation advertisement of a servicemay be included in-line in the implementation advertisement of a groupthat uses it, rather than including the service's specificationidentifier.

[0565] As used herein, the term “module” includes the notion of anyrandom code not part of the core system. In general, a module is ageneric, loadable “thing” that has ini( ), start( ) and stop( ) methodsor their equivalents. Applications and services may be consideredsubclasses of modules. A “Service” is a subclass of module that has “getinterface” and “get implementation advertisement” methods, making itsuitable for registration with a group. In one embodiment, modules mayalso include code that has a known API and identity (its classidentifier) and which can be looked-up with group lookup service.

[0566] In one embodiment, the peer configuration document has the formatof a peer advertisement. In one embodiment, the peer group API mayinclude one or more methods that assist in loading modules, e.g. a “loadmodule” method. In one embodiment, loading a peer group may be similarto loading any other module; one or more additional methods may beincluded to perform one or more tasks particular to loading a peergroup.

[0567] In one embodiment, the definition of a group or other module(that is, the class that implements it for which binding, and with whichparameters) is immutable. The information about the group or othermodule's instantiation on a peer (e.g. everything that may be differenton each peer, such as endpoint addresses, rendezvous status, etc) maybeen separated into a different advertisement: the peer advertisement.

[0568] In one embodiment, there may be one or more parameters that areprivate to a peer and essentially the result of a choice by the user ordefaults that depend on the particular peer that instantiates thatmodule or group (e.g. local network interfaces, well-known rendezvous,etc.). These may be similar to the content of a peer advertisement, butmay not be published (or alternatively, if published, it is by thedecision of the module and copied by that module to the peeradvertisement). The document that includes these unpublished parametersmay be a peer advertisement that may be passed as an argument to themodule's init routine. In one embodiment, providing the peeradvertisement as an argument may be optional.

[0569] The following is an exemplary initialization routine for modulesand is not intended to be limiting:

Init(group, assignedID, implAdv, configAdv);

[0570] where:

[0571] Group: The group that provides the peer-to-peer platform API tothis module: If the module is a group, this is its parent group. If thismodule is a service, group is the group of which this service is a part.If the module is an application, group is the group within which thisapplication runs.

[0572] assignedID: Assigned identifier. A unique identifier assigned tothis module by its group. If this module is a group, the assignedidentifier is its group identifier. If this module is a service, thenthis is the full class identifier of that service in that group. In oneembodiment, the full class identifier listed in the group'simplementation advertisement may be used. In one embodiment, if thismodule is a main application of a peer group, then its assignedidentifier may be a full class identifier of the base class application.In one embodiment, the role part may be assigned randomly in order to beunique. Otherwise, in one embodiment, it may be anything, includingnull. In one embodiment, a service may find its configuration parametersindexed under its assigned identifier in the configurationadvertisement, and may update its published parameters under itsassigned identifier in the peer advertisement.

[0573] implAdv: The implementation advertisement from which this modulewas loaded. In one embodiment, if this module is a subclass of astandard (base) peer group class, then the <Parm> section of thisadvertisement may include a complete list of the services that thisgroup includes. If the module is an application, the module may havebeen loaded directly from its class, bypassing the implementationadvertisement lookup. As a result, there may not be an implementationadvertisement available, in which case “null” may be passed for thisargument. In one embodiment, the standard peer group may pass animplementation advertisement to the main application(s).

[0574] configAdv: The configuration advertisement for this module. Asfor assigned identifier and implementation advertisement, this may benull if the module is an application. In one embodiment, the standardpeer group may pass its configuration advertisement through to the mainapplication(s).

[0575] One embodiment may include an initialization routine for modulesin order to avoid resorting to reflection when loading and initializingmodules. In one embodiment, modules may only include a defaultconstructor, and the initialization routine may serve as a substitute tohaving a constructor with parameters. The initialization routine,followed by a start application routine gets the module running. In oneembodiment, a “stop application” routine may shut down that module. Inone embodiment, after calling the stop application routine, the modulemay be unreferenced and garbage collected. To resume running the module,the module may be loaded from scratch again.

[0576] One embodiment may include a “start application” routine inaddition to an initialization routine in order to be able to operate onthe module once its is fully constructed but before it starts running.What “starts running” means may be defined by each module in relation tothe effects of whichever methods the particular module provides thataffect its behavior.

[0577] In one embodiment, services may be registered with the peer groupupon returning from the init routine. In this embodiment, services maybe ready to have their public methods invoked upon returning from theinitialization routine. In one embodiment, the services may not beobligated to provide full functionality. In one embodiment, publicmethods may fail gracefully if they cannot perform fully. In thisembodiment, services may expect all other services of the group to beavailable from the group's registry upon their start application methodbeing invoked, and to have the public methods of these services eitherfully work or fail nicely. In one embodiment, both the initializationand the start application methods of a module may be required to“return.” In other embodiments, either one or both of these methods maynot be required to return.

[0578] Advertisements

[0579] In one embodiment, the peer-to-peer protocols may useadvertisements to describe and publish the existence of peer resources.An advertisement may be defined as a structured, language neutralmetadata structure that names, describes, and publishes the existence ofa peer-to-peer platform resource. Network resources such as peers, peergroups, pipes, and modules such as services may be represented byadvertisements. Advertisements may be used to describe one or more of,but not limited to, peers, peer groups, pipes, content, rendezvous, andmodules such as services and other types of network resources.Advertisement types provided by the peer-to-peer platform may includeone or more of, but are not limited to, peer advertisements, peer groupadvertisements, module class advertisements, module specificationadvertisements, module implementation advertisements, pipeadvertisements, and rendezvous advertisements. Advertisements may beexchanged as documents in peer-to-peer protocol messages. One or more ofthe peer-to-peer platform protocols may use advertisements to provideinformation to entities interested in the peer-to-peer resourcesrepresented by the advertisements. Peer-to-peer platform protocols maybe used to pass advertisements between peers.

[0580] In one embodiment, advertisements may include a series ofhierarchically arranged elements. The elements may appear in arbitraryorder within the advertisement. Each element may include data oradditional elements. An element may also have attributes. In oneembodiment, attributes are name-value string pairs. An attribute may beused, for example, to store meta-data that helps to describe the datawithin the element.

[0581] In one embodiment, peer-to-peer platform advertisements may berepresented in the eXtensible Markup Language (XML). Other embodimentsmay use other encodings such as HTM or WML. In one embodiment,advertisements may be specified using a schema definition language suchas the XML Schema Definition Language. In one embodiment, XMLadvertisements may be translated into other encodings such as HTML andWML to allow peers that do not support XML to access advertisedresources.

[0582] In one embodiment, advertisements may be used in the peer-to-peerplatform as language-neutral metadata structures. In one embodiment,each software platform binding may describe how advertisements areconverted to and from native data structures such as Java objects or ‘C’structures. Each protocol specification may describe one or more requestand response message pairs. In one embodiment, advertisements may be themost common document exchanged in messages.

[0583] Information exchanged between peers may include advertisementdocuments. In one embodiment, the peer-to-peer platform may advertisedocuments to represent all of the peer-to-peer platform resourcesmanaged by the core platform, such as peers, peer groups, pipes andservices. In one embodiment, the peer-to-peer platform may define a setof core advertisements. The peer-to-peer platform may define coreadvertisement types including, but not limited to, one or more of peeradvertisements, peer group advertisements, pipe advertisements, serviceadvertisements, content advertisements, and endpoint advertisements. Inone embodiment, user-defined advertisement subtypes (for example, usingXML schemas) may be formed from these basic types. Subtypes of the coreadvertisements may be used to add an unlimited amount of extra, richermetadata to a peer-to-peer network. In one embodiment, the peer-to-peerplatform protocols, configurations and core software services operateonly on the core advertisements.

[0584] In one embodiment, an advertisement is a markup languagestructured document that names, describes, and publishes the existenceof a peer-to-peer platform resource. In one embodiment, peer-to-peerplatform advertisements may be represented in the Extensible MarkupLanguage (XML) and are therefore software platform neutral. XML providesa powerful means of representing data and metadata throughout adistributed system. XML provides universal (software-platform neutral)data because XML is language agnostic, self-describing, strongly-typedand ensures correct syntax. XML advertisements may be strongly typed andvalidated using XML schemas. XML also allows advertisements to betranslated into other encodings such as HTML and WML. This featureallows peers that do not support XML to access advertised resources. Inone embodiment, each document may be converted to and from a platformspecific representation such as a Java object. In one embodiment, peerssupporting the various protocols requiring that advertisements beexchanged in messages may accept only valid XML documents that descendfrom the base XML advertisement types.

[0585] Advertisements represented in a markup language such as XML, likeany markup language document, may be composed of a series ofhierarchically arranged elements. Each element may include its dataand/or additional elements. An element may also have attributes.Attributes are name-value string pairs. An attribute may be used tostore metadata, which may be used to describe the data within theelement.

[0586]FIG. 29A illustrates a peer in a peer-to-peer network publishingan advertisement according to one embodiment. Peer 200A may include ormay have access to resources that it may publish. Resources may include,but are not limited to, peers, peer groups, software modules (e.g.services, applications, etc.), content, pipes and pipe endpoints. Aresource advertisement may include an identifier and a securitycredential. The identifier and security credential may be compared toconfirm that they indicate the same resource when another peer accessesthe resource. In one embodiment, a public key may be associated with theadvertised resource. In one embodiment, the security credential may be apublic key signature.

[0587] Peer 200A may generate resource advertisement 808 which maydescribe how other peers may access the resource. Resourceadvertisements may be formatted according to platform-independent markuplanguage schemas defining elements of each type of advertisement (e.g.,XML). Peer 200A may allow other peers access to the resource bypublishing advertisement 808. In one embodiment, publishing may includesending advertisements to other peers. In FIG. 29A, peer 200A may sendadvertisement 808 to peers 200B and 200C in messages 820A and 820B.Messages 820A and 820B may be formatted according to a peer-to-peerplatform protocol. Another peer may discover advertisement 808 bysending a discovery query message that may include criteria that theresource corresponding to advertisement 808A may match to one or both ofpeer 200B and peer 200C, and one or both of peer 200B and peer 200Csending a response message that may contain advertisement 808 to theother peer.

[0588]FIG. 29B illustrates a peer in a peer-to-peer network publishingan advertisement to a rendezvous peer according to one embodiment. Peer200A may publish advertisement 808A by sending it to rendezvous peer200B in message 820. Rendezvous peer 200B may cache advertisements forother peers to discover. In one embodiment, advertisement 808A mayinclude a time-to-live indicator (TTL). The TTL may indicate a length oftime during which the resource advertisement is valid. When the TTLexpires, peers may no longer have access to the resource advertisement.Another peer may discover advertisement 808A by sending a discoveryquery message that may include criteria that the resource correspondingto advertisement 808A may match to peer 200B, and peer 200B sending aresponse message that may contain advertisement 808 to the other peer.

[0589]FIG. 30 illustrates discovering advertisements according to oneembodiment. Peer 200A may broadcast discovery query message 820.Discovery query message 820 may be formatted in accordance with apeer-to-peer platform discovery protocol. Discovery query message 820may include criteria specifying a particular type of resource in whichthe peer is interested. When the discovery query message 820 reaches apeer 200B that has advertisements 808A and 808 B for resources matchingthe criteria in the discovery query message, peer 200B may respond bysending peer 200A a response message 822 that may include theadvertisements 808A and 808 B. Peer 200A may also receive one or moreresponse messages from one or more other peers. Each of these responsemessages may include advertisements for resources for resources alsomatching the criteria in the discovery query message. After receivingthe resource advertisements, peer 200A may access the correspondingresource. In one embodiment, each resource advertisement may includeinformation describing how to access the particular resourcecorresponding to the resource advertisement.

[0590] One embodiment may include module class advertisements, modulespecification advertisements, and module implementation advertisementsthat may be used, for example, in describing and identifying abstractsoftware modules in peer-to-peer networking environments. FIG. 33illustrates a module class advertisement 1010, a module specificationadvertisement 1012, and a module implementation advertisement 1014 for asoftware module according to one embodiment.

[0591] In one embodiment, a module class advertisement 1010 may be usedto describe a class of software modules. A module class advertisement1010 may describe an expected local behavior and an expected API foreach peer-to-peer platform binding that supports the class of softwaremodules. A module class advertisement 1010 may provide a description ofwhat a particular module class identifier 1020 stands for. Module classidentifiers 1020 may be used by a software module or other code on thepeer-to-peer platform to designate software modules upon which thesoftware module or other code depends. In one embodiment, a module classadvertisement 1010 may not provide a completely formal description ofthe module's behavior and API. In one embodiment, a module classadvertisement 1010 may be used to create modules with a similarfunctionality.

[0592] The following illustrates an exemplary module class advertisement1010 schema that may be used in embodiments and is not intended to belimiting: <xs:element name=“MCA” type=“xxxx:MCA”/> <xs:complexTypename=“MCA”>   <xs:sequence>     <xs:element name=“MCID”type=“xxxx:identifier”/>     <xs:element name=“Name” type=“xs:string”    minOccurs=“0”/>     <xs:element name=“Desc” type=“xs:anyType”    minOccurs=“0”/>   </xs:sequence> </xs:complexType>

[0593] where the elements may include one or more of, but are notlimited to:

[0594] MCID—Module class identifier 1020 that uniquely identifies themodule class. Each module class may have a unique identifier. In oneembodiment, this is a required element.

[0595] Name—A name associated with the module class. In one embodiment,the name is not required to be unique unless the name is obtained from acentralized naming service that guarantee name uniqueness. In oneembodiment, this is an optional element.

[0596] Desc—Description. A string that may be used to describe andsearch for a module class. In one embodiment, this is an optionalelement.

[0597] In one embodiment, a module specification advertisement 1012 maybe used to describe the specification of a software module. A modulespecification advertisement 1012 may describe an expected on-wirebehavior and protocol. A module specification advertisement 1012 mayprovide a description of what a particular module specificationidentifier 1022 stands for. A module specification identifier 1022 maybe used by a software module or other code on the peer-to-peer platformto designate a particular network-compatible family of implementationsof a given module class. In one embodiment, module specificationidentifiers 1022 may also be used by a peer group implementation todesignate the components that provide the various services that the peergroup supports. In one embodiment of the peer-to-peer platform, one ormore core peer group services (e.g. discovery, membership, resolver,etc.) may be implemented as software modules.

[0598] A module specification advertisement 1012 may also describe howto invoke and use a software module. In one embodiment, a softwaremodule may be accessed through an API (application programminginterface) of the module by locating an implementation of the softwaremodule, loading the module, and starting the module. In one embodiment,a software module may be accessed via a pipe (e.g. a peer-to-peerplatform pipe as described below) accessed using a pipe advertisementincluded in the software module's module specification advertisement1012. In one embodiment, a software module may be accessed through aproxy module accessed using a module specification identifier 1022 ofthe proxy module included in the software module's module specificationadvertisement 1012.

[0599] The following illustrates an exemplary module specificationadvertisement 1012 schema that may be used in embodiments and is notintended to be limiting: <xs:element name=“MSA” type=“xxxx:MSA”/><xs:complexType name=“MSA”>   <xs:sequence>     <xs:element name=“MSID”type=“xxxx:IDENTIFIER”/>     <xs:element name=“Vers” type=“xs:string”/>    <xs:element name=“Name” type=“xs:string” minOccurs=“0”/>    <xs:element name=“Desc” type=“xs:anyType”     minOccurs=“0”/>    <xs:element name=“Crtr” type=“xs:string” minOccurs=“0”/>    <xs:element name=“SURI” type=“xs:anyURI” minOccurs=“0”/>    <xs:element name=“Parm” type=“xs:anyType”     minOccurs=“0”/>    <xs:element ref=“xxxx:PipeAdvertisement” minOccurs=“0”/>    <xs:element name=“Proxy” type=“xs:anyURI”     minOccurs=“0”/>    <xs:element name=“Auth” type=“xxxx:IDENTIFIER”     minOccurs=“0”/>  </xs:sequence> </xs:complexType>

[0600] where the elements may include one or more of, but are notlimited to:

[0601] MSID—module specification identifier 1022. May uniquely identifythe specification. Each module specification may have a unique modulespecification identifier 1022. In one embodiment, this is a requiredelement.

[0602] Vers—The version of the specification that this advertisementadvertises. In one embodiment, this is a required element.

[0603] Name—Name that may be associated with a module specification. Thename may not be required to be unique. In one embodiment, the name maybe obtained from a centralized naming service that guarantee nameuniqueness, and therefore in this embodiment the name may be unique. Inone embodiment, this is an optional element.

[0604] Desc—Description. A string that may be used to describe andsearch for a module specification. In one embodiment, this is anoptional element.

[0605] CRTR—Creator. This element designates the creator of this modulespecification. In one embodiment, this is an optional element.

[0606] SURI—Specification URI (unique resource identifier). This elementis a URI that permits the retrieval of a document containing the modulespecification that this advertisement advertises. In one embodiment,this is an optional element.

[0607] Parm—May include one or more arbitrary parameters that may beinterpreted by each implementation.

[0608] xxxx:PipeAdvertisement—Identifies pipe advertisement which thismodule binds to an input pipe, and which thus may be used to establish apipe to a nearby running implementation of this module specification. Inone embodiment, this element name may be identical to the pipeadvertisement document type since the entire element is an embedded pipeadvertisement document. In one embodiment, this is an optional element.

[0609] Proxy—Proxy Specification identifier. Module specificationidentifier 1022 of a proxy module that may be used in order tocommunicate with modules of this specification. Note that the processmay be recursive. The proxy module may be usable via pipes, oroptionally through a subsequent proxy module, and may require asubsequent authenticator. In one embodiment, this is an optionalelement.

[0610] Auth—Authenticator specification identifier. Module specificationidentifier 1022 of an authenticator module that may be required in orderto communicate with modules of this specification. Note that the processmay be recursive. The authenticator module may be usable via pipes, oroptionally through a subsequent proxy module, and may require asubsequent authenticator. In one embodiment, this is an optionalelement.

[0611] In one embodiment, a module implementation advertisement 1024 maybe used to describe one of the implementations of a modulespecification. Implementations of a given specification may be searchedby the module specification identifier 1022. An implementation may beselected by the type of environment in which it may be used (itscompatibility statement) as well as by its name, description or thecontent of its parameters section.

[0612] A module implementation advertisement 1024 may provide amechanism to retrieve data that may be required in order to execute themodule implementation being described. In one embodiment, thisinformation may be encapsulated in the Code and PURl (Package UniformResource Identifier) elements. The interpretation of these elements maybe subject to the module's compatibility. For example, a standard peergroup implementation of a Java reference implementation may expect the<Code> element to specify a fully qualified Java class name thatdesignates a subclass such as net.xxxx.platform.Module and PURI to bethe URI (Uniform Resource Identifier) of a downloadable package (e.g. ajar file). Other execution environments may expect the code to be inlinewithin the <Code> element or even offer several options.

[0613] The following illustrates an exemplary module implementationadvertisement 1024 schema that may be used in embodiments and is notintended to be limiting: <xs:element name=“MIA” type=“xxxx:MIA”/><xs:complexType name=“MIA”>   <xs:sequence>     <xs:element name=“MSID”type=“xxxx:IDENTIFIER”/>     <xs:element name=“Comp” type=“xs:anyType”/>    <xs:element name=“Code” type=“xs:anyType”/>     <xs:elementname=“PURI” type=“xs:anyURI” minOccurs=“0”/>     <xs:element name=“Prov”type=“xs:string” minOccurs=“0”/>     <xs:element name=“Desc”type=“xs:anyType”     minOccurs=“0”/>     <xs:element name=“Parm”type=“xs:anyType”     minOccurs=“0”/>   </xs:sequence> </xs:complexType>

[0614] where the elements may include one or more of, but are notlimited to:

[0615] MSID—module specification identifier 1022. May uniquely identifythe module specification being implemented. In one embodiment, this is arequired element.

[0616] Comp—Compatibility. An arbitrary element that may describe theenvironment in which this module implementation may be executed. Eachframework capable of loading and executing the module may have its ownrequirements on the contents of this element. In one embodiment, this isa required element.

[0617] Code—This arbitrary element may include anything that is neededin addition to the package in order to load and execute the code of thismodule implementation.

[0618] In one embodiment, for Java module implementations, this elementmay include a fully qualified class name containing the module's entrypoints. In one embodiment, this element may include the entire code.

[0619] PURI—Package URI (uniform resource identifier). This element is aURI that permits the retrieval of a package containing the code of thismodule implementation. In one embodiment, this is an optional element.

[0620] Prov—Provider. The provider of this module implementation.

[0621] Desc—Description. A string that may be used to describe andsearch for a module specification. In one embodiment, this is anoptional element.

[0622] Parm—Parameter. May include one or more arbitrary parameters thatmay be interpreted by the module implementation's code.

[0623] The following are descriptions of embodiments of peeradvertisements and peer group advertisements that may be used inembodiments of the system and method for describing and identifyingabstract software modules in peer-to-peer networking environments.

[0624] In one embodiment, a peer advertisement may be used to describe apeer. A peer advertisement may also describe resources the peer mayprovide to a peer group. One use of a peer advertisement is to holdspecific information about the peer, including one or more of, but notlimited to, the peer's name, peer identifier, peer group identifier,descriptive information, and registered services. A peer advertisementmay also include endpoint addresses and/or any run-time attributes thatindividual peer services want to publish (such as being a rendezvouspeer for a group). FIG. 6 illustrates the content of a peeradvertisement according to one embodiment.

[0625] The following illustrates an exemplary peer advertisement schemathat may be used in embodiments and is not intended to be limiting:<xs:element name=“PA” type=“xxxx:PA”/> <xs:complexType name=“PA”>  <xs:sequence>     <xs:element name=“PID” type=“IDENTIFIER”/>    <xs:element name=“GID” type=“IDENTIFIER”/>     <xs:elementname=“Name” type=“xs:string” minOccurs=“0”/>     <xs:elementname=“Description” type=“xs:anyType”     minOccurs=“0”/>     <xs:elementname=“Svc” type=“xxxx:serviceParams”     minOccurs=“0”maxOccurs=“unbounded”/>   <xs:sequence> </xs:complexType>

[0626] where the elements may include one or more of, but are notlimited to:

[0627] PID—Peer identifier that may uniquely identify the peer. Eachpeer may have a unique identifier. In one embodiment, this is a requiredelement.

[0628] GID—The peer group identifier. This element may identifycanonically which peer group this peer belongs to.

[0629] Name—A string that may be associated with the peer. In oneembodiment, the name may not be required to be unique. In oneembodiment, the name may be obtained from a centralized naming servicethat guarantees name uniqueness. In one embodiment, this is an optionalelement.

[0630] Description—A string that may be used to index and search for apeer. In one embodiment, the string is not guaranteed to be unique. Twopeers may have the same keywords. In one embodiment, this is an optionalelement.

[0631] Svc—A service element. In one embodiment, any number of serviceelements may be included. In one embodiment, ach of the service elementsmay describe the association between a group service which may bedenoted by its module class identifier (the value of an MCID (moduleclass identifier) element), and arbitrary parameters encapsulated in aParm (parameter) element. For example, all accessible endpoint addressesmay be published in association with the Endpoint Service Module ClassIdentifier. The TLS Root certificate may be published under the Peergroup Module Class Identifier (There may be a module class identifierfor a Peer Group as well). The flag that denotes that this peer is arendezvous for this group may be published under the Rendezvous Servicemodule class identifier. In one embodiment, each service may beresponsible for what is published under its module class identifier. TheService section may also optionally include an element (e.g., “isOff”)that may be used to indicate if this service is enabled or disabled.This element may be used to convey a configuration choice made by theowner of the peer.

[0632] The following is another exemplary embodiment of a peeradvertisement in XML, and is not intended to be limiting:<PeerAdvertisement>   <Name> name of the peer</Name>   <Keywords>searchkeywords </Keywords>   <Pid> Peer identifier </Pid>   <Services>    <Service advertisement>     ....     </Service advertisement>  </Services>   <Endpoints>     <endpoint advertisement>     ...    </endpoint advertisement>   </Endpoint>   <InitialApp>     <Serviceadvertisement>     ....     </Service advertisement>   </InitialApp></PeerAdvertisement>

[0633] This embodiment of a peer advertisement may include, but is notlimited to, the following fields:

[0634] Name: an optional string that can be associated with a peer. Inone embodiment, the name is not required to be unique unless the name isobtained from a centralized naming service that guarantees nameuniqueness.

[0635] Keywords: an optional string that may be used to index and searchfor a peer. In one embodiment, the string is not guarantee to be unique.Two peers may have the same keywords. The keywords string may containspaces.

[0636] Peer identifier: uniquely identifies the peer. In one embodiment,this may be a required element. Each peer has a unique identifier.

[0637] Service: a service advertisement element for each servicepublished on the peer.

[0638] Services started on a peer may publish themselves to the peer. Inone embodiment, not all services running on the peer need to publishthemselves.

[0639] Endpoint: an endpoint URI (e.g. tcp://129.144.36.190:9701 orhttp://129.144.36.190:9702) for each endpoint available on the peer.

[0640] InitialApp: Optional application/service started when the peer isbooted. A service advertisement is used to describe the service.

[0641] In one embodiment, a peer group advertisement may be used todescribe, for a peer group, the group specific information (name, peergroup identifier, etc.), the membership process, and the available peergroup services. The peer group advertisement defines the core set ofservices to be used by that peer group. In one embodiment, it may notenforce that each peer must run each service locally. Rather it definesthe set of services that are made available to the peer group. In oneembodiment, a peer group advertisement may be used to describe peergroup-specific resources including one or more of, but not limited to,name, group identifier, description, specification, and serviceparameters.

[0642] In one embodiment, the initial creator of the peer group maydefine what advertisements go into the peer group advertisement atcreation time. Other peers may get a copy of the peer groupadvertisement when they discover advertisements via the discoveryservice. In one embodiment, peer group advertisements are immutableobjects and new services may not be added due to java binding. Otherembodiments may allow new services to be added. In one embodiment, apeer group may provide a registration service that allows the dynamicregistration of services.

[0643]FIG. 7 illustrates the content of a peer group advertisementaccording to one embodiment. The following is an example of oneembodiment of a peer group advertisement in XML, and is not intended tobe limiting: <peer group advertisement>   <Name> name of the peergroup</Name>   <Keywords>search keywords </Keywords>   <Gid> Peer groupidentifier </Gid   <Services>     <Service advertisement>     ...    </Service advertisement>   </Services>   <InitialApp>     <Serviceadvertisement>     ...     </Service advertisement>   </InitialApp></peer group advertisement>

[0644] This embodiment of a peer group advertisement may include, but isnot limited to, the following fields:

[0645] Name: an optional name that may be associated with a peer group.In one embodiment, the name is not required to be unique unless the nameis obtained from a centralized naming service that guarantee nameuniqueness.

[0646] Keywords: an optional string that may be used to index and searchfor a peer group. In one embodiment, the string is not guarantee to beunique. Two peer groups may have the same keywords.

[0647] Peer group Id: uniquely identifies the peer group. In oneembodiment, this is a required element. Each peer group has a unique id.

[0648] Service: a service advertisement element for each peer groupservice available in the peer group. In one embodiment, not all peergroup services need to be instantiated when a peer joins a peer group.In one embodiment, at least a membership service should be available, sothe membership service may implement a null authenticator membership.

[0649] InitialApp: optional application/service started when a peer isjoining a peer group. A service advertisement may be used to describethe service. The initial application may be started when a peer isjoining a group. Alternatively, it may be left to the joining peer todecide to either start or not start the peer group initial application.

[0650] The following illustrates another exemplary peer groupadvertisement schema that may be used in embodiments and is not intendedto be limiting: <xs:element name=“PGA” type=“xxxx:PGA”/> <xs:complexTypename=“PGA”>   <xs:sequence>     <xs:element name=“GID”type=“xxxx:IDENTIFIER”/>     <xs:element name=“MSID”type=“xxxx:IDENTIFIER”/>     <xs:element name=“Name” type=“xs:string”minOccurs=“0”/>     <xs:element name=“Desc” type=“xs:anyType”    minOccurs=“0”/>     <xs:element  name=“Svc” type=“xxxx:serviceParam”     minOccurs=“0” maxOccurs=“unbounded”/>  </xs:sequence> </xs:complexType>

[0651] where the elements may include one or more of, but are notlimited to:

[0652] GID—This element provides the peer group identifier. The peergroup identifier is the canonical way of referring to a group anduniquely identifies the peer group.

[0653] MSID—Peer group specification identifier. This designates themodule that provides the peer group mechanism for the group. Thespecification identifier may include an abstraction of that mechanism.This abstraction may be optionally described by a module specificationadvertisement, and one or more implementations may exist, which may eachbe described by a module implementation advertisement. In oneembodiment, these advertisements may all be searched by peer groupspecification identifier. In one embodiment, this is a required element.

[0654] Name—A name that may be associated with the peer group. In oneembodiment, the name is not required to be unique. In one embodiment,the name may be obtained from a centralized naming service thatguarantee name uniqueness. In one embodiment, this is an optionalelement.

[0655] Desc—This element provides descriptive information that may beused to index and search for a peer group. In one embodiment, thecontent of this element may not be unique. For example, two peer groupsmay have the same keywords.

[0656] Svc—Service. In one embodiment, any number of service elementsmay be included. Each service element may describe the associationbetween a group service denoted by its module class identifier (thevalue of an MCID element), and one or more arbitrary parametersencapsulated in a Parm element. This optional parameter may only bemeaningful to some services. It may be used to configure a servicespecifically in relation with its use by this group. For example, asimple membership service may find an encrypted password list there. Inone embodiment, this is an optional element.

[0657] Once a peer joins a group, that peer may receive (depending againupon membership configuration) a full membership-level peer groupadvertisement. The full membership advertisement, for example, mightinclude the configuration (required of all members) to vote for newmember approval.

[0658] In one embodiment, a pipe advertisement may be used to describean instance of a pipe communication channel. A pipe advertisement may beused by a pipe service to create associated input and output pipeendpoints. In one embodiment, a pipe advertisement document may bepublished and obtained using either the core discovery service or byembedding it within other advertisements such as the peer or peer groupadvertisement. Each pipe advertisement may include an optional symbolicname that names the pipe and a pipe type to indicate the type of thepipe (point-to-point, propagate, secure, etc). FIG. 8 illustrates thecontent of a pipe advertisement according to one embodiment. Thefollowing is an example of one embodiment of a pipe advertisement inXML, and is not intended to be limiting: <PipeAdvertisement>   <Name>name of the pipe</Name>   <Identifier> Pipe identifier </ Identifier>  <Type> Pipe Type </Type> </PipeAdvertisement>

[0659] Embodiments of a pipe advertisement may include, but are notlimited to, the following fields:

[0660] Name: an optional name that may be associated with a pipe. In oneembodiment, the name is not required to be unique unless the name isobtained from a centralized naming service that guarantee nameuniqueness.

[0661] Pipe identifier: uniquely identifies the pipe. In one embodiment,this is a required element. Each pipe has a unique identifier.

[0662] Type: This is an optional pipe type that may be provided tospecify the quality of services implemented by the pipe. Pipe types mayinclude, but are not limited to:

[0663] Unicast: messages may not arrive at the destination, may bedelivered more than once to the same destination, may arrive indifferent order. Unicast, unsecure, and unreliable. This type of pipemay be used to send one-to-one messages.

[0664] Unicast secure: messages may not arrive at the destination, maybe delivered more than once to the same destination, may arrive indifferent order, but are encrypted (e.g. using TLS). Unicast, secure(e.g. using TLS). This pipe type may be similar or equivalent to theunicast pipe type, except that the data is protected using a virtual TLSconnection between the endpoints.

[0665] Propagate: a propagate (one-to-many) pipe. Diffusion pipes. Thispipe type is used to send one-to-many messages. Any peer that hasenabled an input pipe on a propagate-type pipe may receive messages thatare sent on the pipe.

[0666] In one embodiment, a service advertisement may be used todescribe a peer-to-peer platform-enabled service. In one embodiment,service advertisements may describe how to activate and/or use theservice. In one embodiment, a peer-to-peer platform-enabled service is aservice that uses pipes as primary invocation mechanism. To invoke theservice, a peer may a message to the associated service pipe. In oneembodiment, the core peer group services that each peer group mayimplement in order to respond to the messages described for thepeer-to-peer platform protocols are peer-to-peer platformenabledservices and thus may be published using service advertisements. Theservice advertisement document may be published and obtained using thepeer information protocol for peer services, or alternatively using thepeer group discovery protocol for peer group services.

[0667] In one embodiment, a pipe advertisement and access method fieldsmay provide a placeholder for any kind of service invocation schema thatdefines the valid set of XML messages accepted by the service and theassociated message flow. Thus, the peer-to-peer platform protocols maybe agnostic of service invocation and interoperate with any existingframework. A service advertisement access method field may refer to aWSDL (e.g. www.w3.org/TR/wsdl), ebXML (e.g. www.ebxml.org), UPnP (e.g.www.upnp.org) or a client-proxy schema, among others. For example, aWSDL access method may define messages that are abstract descriptions ofthe data being exchanged and the collections of operations supported bythe service using a WSDL schema. In one embodiment, a serviceadvertisement may include multiple access method tags, as there may bemultiple ways to invoke a service. Thus, the peer may ultimately decidewhich invocation mechanism to use. For example, small devices may wantto use a small-footprint mechanism or a service framework they alreadyhave the code for, and larger devices may decide to download aclient-proxy code.

[0668] In one embodiment, the access method for services is a schema ofvalid XML messages accepted by the service. In one embodiment, a serviceadvertisement may contain a URL or URI tag to point to a jar file, DLL,or loadable library. A peer may use this to download the code to run theservice, for example if the peer joins the peer group and does not havethe required code to run the service.

[0669] One embodiment may provide cross-platform activation of services.A peer may be implemented on a first computing platform. The maydiscover an advertisement for service that includes platform-independentactivation instructions for a service implemented on a second computingplatform, different from the first computing platform. The peer maycarry out the instructions to activate the service even though theircomputing platforms are different. For example, a peer implemented on aMacintosh OSX computing platform may activate a search engine for usedcars implemented on an Intel Windows computing platform.

[0670]FIG. 9 illustrates the content of a service advertisementaccording to one embodiment. The following is an example of oneembodiment of a service advertisement in XML, and is not intended to belimiting: <ServiceAdvertisement>   <Name> name of the Service</Name>  <Version> Version identifier </Version>   <Keywords>search keywords</Keywords>   <Id> Service identifier </Id>   <Pipe> Pipe endpoint toaccess the service </Pipe>   <Params> service configuration parameters</Params>   <URI> service provider location</URI>   <Provider> ServiceProvider</Provider>   <AccessMethods>     ...   </AcessMethods></ServiceAdvertisement>

[0671] Embodiments of a service advertisement may include, but are notlimited to, the following fields:

[0672] Name: an optional name that may be associated with a service. Inone embodiment, the name is not required to be unique unless the name isobtained from a centralized naming service that guarantees nameuniqueness.

[0673] Keywords: an optional string that may be used to index and searchfor a service. In one embodiment, the string is not guaranteed to beunique. Two services may have the same keywords.

[0674] Service Id: uniquely identifies a service. In one embodiment,each service has a unique id. In one embodiment, this element may berequired.

[0675] Version: specifies the service version number. In one embodiment,this element may be required.

[0676] Provider: gives information about the provider of the service.This will typically be a vendor name. In one embodiment, this elementmay be required:

[0677] Pipe: an optional element that specifies a pipe advertisement tobe used to create an output pipe to connect to the service. In oneembodiment, services are not required to use pipes.

[0678] Params: a list of configuration parameters available to the peerwhen invoking the service. In one embodiment, the parameter field isoptional. Parameters may be defined as a list of strings.

[0679] UPI: This is an optional parameter that may be used to specifythe location of where the code for the service may be found.

[0680] Access Methods: In one embodiment, at least one access method isrequired to speciey how to invoke the service. Multiple access methodtags may be used when multiple access methods are available. The accessmethod tag allows any kind of service invocation representation to bespecified. For example the access method may be a placeholder for a WSDLor uPnP document that describes a web service access method.

[0681] In one embodiment, a content advertisement may be used todescribe a content document stored somewhere in a peer group. In oneembodiment, there are no restrictions on the type of contents that canbe represented. A content may be a file, a byte array, code or processstate, for example. In one embodiment, each item of content may have aunique identifier also known as its canonical name. The uniqueidentifier may include a peer group universal unique identifier (UUID),and also may include another name that may be computed, parsed, andmaintained by peer group members. In one embodiment, the content's nameimplementation within the peer group is not mandated by the peer-to-peerplatform. The name may be a hash code, a URI, or a name generated by anysuitable means of uniquely identifying content within a peer group. Theentire canonical content name may be referred to as a content identifieror content identifier. FIG. 3 illustrates an exemplary contentidentifier according to one embodiment.

[0682]FIG. 10 illustrates a content advertisement according to oneembodiment. In one embodiment, a size element may be provided for allcontent items and gives the total size of the content. In oneembodiment, the size is in bytes. In one embodiment, the size is a long(unsigned 64-bits). A content advertisement may also include a MIME(Multi-Purpose Internet Mail Extensions) type that describes the MIMEtype (encoding may be deduced from the type) of the in-line orreferenced data. A content advertisement may also include a RefIDelement. If the advertised content is another advertisement (based uponits type), the RefID is the content identifier of the referencedcontent. If the advertised content is not another advertisement, theRefID element may be omitted.

[0683] The following is an example of one embodiment of a contentadvertisement in XML, and is not intended to be limiting:<ContentAdvertisement> <Mimetype> name of the pipe</Mimetype> <Size>Pipe identifier </Size> <Encoding> Pipe Type </Encoding> <identifier>Content identifier</identifier> <RefID> Content identifier </RefID><Document> document </Document> </ContentAdvertisement>

[0684] Embodiments of a content advertisement may include, but are notlimited to, the following fields:

[0685] identifier: in one embodiment, all contents have a unique id.

[0686] Size: the total size of the content. In one embodiment, a long(unsigned 64-bits) represented as a string. “-1” indicates that the sizeis unknown.

[0687] Mimetype: the mime type of the content. The type may be unknown.

[0688] Encoding: specifies the encoding used.

[0689] RefID: if the advertised content is about another content, theReflD specifies the content identifier of the referenced content.

[0690] In one embodiment, an endpoint advertisement may be used todescribe peer transport protocols. In one embodiment, a peer may supportone or more transport protocols. In one embodiment, peers may havemultiple network interfaces. Typically, there will be one peer endpointfor each configured network interface and/or protocol (e.g. TCP/IP,HTTP). An endpoint advertisement may be included as a tag field in apeer advertisement to describe the endpoints available on the memberpeer. In one embodiment, an endpoint advertisement document may bepublished and obtained using either the core discovery service or byembedding it within other advertisements such as the peer advertisement.Each endpoint advertisement may include transport binding informationabout each network interface or transport protocol. Endpoints may berepresented with a virtual endpoint address that may include allnecessary information to create a physical communication channel on thespecific endpoint transport. For example, “tcp://123.124.20.20:1002” or“http://134.125.23.10:6002” are string representing endpoint addresses.FIG. 11 illustrates the content of an endpoint advertisement accordingto one embodiment. The following is an example of one embodiment of anendpoint advertisement in XML, and is not intended to be limiting:<EndpointAdvertisement> <Name> name of the endpoint</Name> <Keywords>serach string </Keywords> <Address> endpoint logical address </Address></EndpointAdvertisement>

[0691] Embodiments of an endpoint advertisement may include, but are notlimited to, the following fields:

[0692] Name: an optional name that may be associated with an endpoint.In one embodiment, the name is not required to be unique unless the nameis obtained from a centralized naming service that guarantee nameuniqueness.

[0693] Keywords: an optional string that may be used to index and searchfor an endpoint. In one embodiment, the string is not guarantee to beunique. Two endpoints may have the same keywords.

[0694] Peer-to-Peer Platform Protocols

[0695] The peer-to-peer platform protocols may be used to provide andsupport ad hoc, pervasive, and multi-hop peer-to-peer (P2P) networkcomputing. Using the protocols, peers can cooperate to formself-organized and self-configured peer groups independently of theirpositions in the network (e.g., edges, firewalls, network addresstranslators, public vs. private address spaces, etc.), and without theneed of a centralized management infrastructure. The peer-to-peerplatform protocols may have very low overhead, make few assumptionsabout the underlying network transport and limited requirements of thepeer environment, and may be used to deploy a wide variety ofpeer-to-peer applications and services in a highly unreliable andchanging network environment.

[0696] In one embodiment, the peer-to-peer platform protocols maystandardize the manner in which peers self-organize into peer groups,publish and discover peer resources, communicate, and monitor eachother. The peer-to-peer platform protocols may allow the establishmentof a virtual network overlay on top of physical networks, allowing peersto directly interact and organize independently of their networklocation and connectivity. Embodiments of the peer-to-peer platformprotocols may be implemented on unidirectional links and asymmetrictransports.

[0697] In one embodiment, the peer-to-peer platform may include coreprotocols including one or more of, but not limited to, a peermembership protocol, a peer discovery protocol, a peer resolverprotocol, a peer information protocol, a pipe binding protocol, anendpoint routing protocol, and a rendezvous protocol. In one embodiment,a peer membership protocol may allow a peer to join or leave peergroups, and to manage membership configurations, rights andresponsibilities. In one embodiment, a peer discovery protocol may beused to publish and discover resource advertisements. In one embodiment,a peer resolver protocol may be used to send a generic query to one ormore peers, and receive a response (or multiple responses) to the query.In one embodiment, a peer information protocol may be used by a peer toobtain status information about another peers. In one embodiment, a pipebinding protocol may be used by a peer to establish a virtualcommunication channel or pipe between one or more peers. In oneembodiment, an endpoint routing protocol may be used by a peer todiscover a route (sequence of hops) to send a message to another peer,potentially traversing firewalls and NATs. In one embodiment, arendezvous protocol may be used for propagating messages within a peergroup.

[0698] The core peer-to-peer platform protocols may be implemented usinga common messaging layer. This messaging layer binds the protocols tovarious network transports. In one embodiment, the peer-to-peer platformprotocols may be specified as a set of markup language (e.g. XML)messages exchanged between peers. Each software platform bindingdescribes how a message is converted to and from a native datastructures such as a Java object or ‘C’ structure. In one embodiment,the use of markup language messages to define protocols allows manydifferent kinds of peers to participate in a protocol. Each peer is freeto implement the protocol in a manner best suited to its abilities androle. Peer-to-peer platform messages are described previously in thisdocument.

[0699] In one embodiment, each of the protocols is independent of theothers. In one embodiment, a peer may not be required to implement allof the networking protocols. A peer may implement only the protocol thatit requires. For example, a device may have all the advertisements ituses pre-stored in memory, so that peer does not need to implement thepeer discovery protocol. As another example, a peer may use apre-configured set of peer routers to route all its messages, hence thepeer does not need to implement the peer endpoint protocol. Instead, thepeer sends messages to the routers to be forwarded. As yet anotherexample, a peer may not need to obtain or wish to provide statusinformation to other peers, hence the peer does not to implement thepeer information protocol. The same can be said about all of the otherprotocols. In one embodiment, a peer may implement only a portion(client-side or server-side only, for example) of a protocol.

[0700] Peers may use the peer-to-peer platform protocols to advertisetheir resources and to discover network resources (services, pipes,etc.) available from other peers. Peers may form and join peer groups tocreate special relationships. The peer-to-peer platform protocols mayallow peers to communicate without needing to understand or manage thepotentially complex and dynamic network topologies that are becomingcommon. Peers may cooperate to route messages allowing for full peerconnectivity. The peer-to-peer platform protocols allow peers todynamically route messages across multiple network hops to anydestination in the network (potentially traversing firewalls). Eachmessage may include either a complete or a partial ordered list ofgateway peers through which the message might be routed. If routeinformation is incorrect, an intermediate peer may assist in dynamicallyfinding a new route. In one embodiment, a peer-to-peer platform protocolmessage that is routed through multiple hops may not be assumed to bereliably delivered, even if only reliable transports such as TCP/IP areused through all hops. A congested peer may drop messages at any timerather than routing them.

[0701] The peer-to-peer platform protocols may be implemented on avariety of networks including, but not limited to, the Internet,corporate intranets, dynamic proximity networks, home networkingenvironments, LANs and WANs. The peer-to-peer platform protocols mayallow the peer-to-peer platform to be easily implemented onunidirectional links and asymmetric transports. In particular, manyforms of wireless networking do not provide equal capability for devicesto send and receive. The peer-to-peer platform permits anyunidirectional link to be used when necessary, improving overallperformance and network connectivity in the system. Thus, thepeer-to-peer platform protocols may be easy to implement on anytransport. Implementations on reliable and bidirectional transports suchas TCP/IP or HTTP may provide efficient bidirectional communications.Even on bidirectional transports, communication ability between any pairof peers may at times not work equally well in both directions. That is,communications between two peers will in many cases be able to operatebidirectionally, but at times the connection between two peers may beonly unidirectional, allowing one peer to successfully send messages tothe other while no communication is possible in the reverse direction.The peer-to-peer platform unidirectional and asymmetric transport alsoplays well in multi-hop network environments where the message latencymay be difficult to predict. Furthermore, peers in a peer-to-peernetwork tend to have nondeterministic behaviors and thus may appear orleave the network very frequently.

[0702] In one embodiment, the peer-to-peer platform protocols do notrequire a broadcast or multicast capability of the underlying networktransport. Messages intended for receipt by multiple peers (propagation)may be implemented using point-to-point communications. In oneembodiment, the peer-to-peer platform protocols may not require periodicmessages of any kind at any level to be sent within the network, andthus may not require periodic polling, link status sensing, or neighbordetection messages, and may not rely on these functions from anyunderlying network transport in the network. This entirely on-demandbehavior of the protocols and lack of periodic activity may allow thenumber of overhead messages generated by the peer-to-peer platform toscale all the way down to near or at zero, when all peers are stationarywith respect to each other and all routes needed for currentcommunication have already been discovered.

[0703] In one embodiment, the peer-to-peer platform protocols aredefined as idempotent protocol exchanges. The same messages may besent/received more than once during the course of a protocol exchange.In one embodiment, no protocol states are required to be maintained atboth ends. Due to the unpredictability of peer-to-peer networks,assumptions may not be made about the time required for a message toreach a destination peer, and thus in one embodiment the peer-to-peerplatform protocols may not impose timing requirements for messagereceipt.

[0704] The peer-to-peer platform protocols may take advantage ofadditional optimizations, such as the easy ability to reverse a sourceroute to obtain a route back to the origin of the original route.

[0705]FIG. 12 illustrates protocols and bindings in a peer-to-peerplatform according to one embodiment. When the peer-to-peer platformprotocols are implemented using a particular programming language andover a particular transport protocol, the implementation is an instanceof a peer-to-peer platform binding 220, where the peer-to-peer platformprotocols are bound to the language and the transport layer. In oneembodiment, protocol and peer software implementation issues may bedefined in documents specific to the binding. A binding documentdescribes how the protocols are bound to an underlying network transport(such as TCP/IP or UDP/IP) or to a software platform such as Java 222 ora native software platform 224 such as UNIX.

[0706] The following describes the transport binding of the peer-to-peerplatform protocols over TCP/IP including the message wire format ofpeer-to-peer platform endpoint messages over a TCP/IP socket connectionaccording to one embodiment. Each TCP/IP message may include a headerand a body. In one embodiment, the format of the headeris:

[0707] Type Source IP address Source Port Size Option Unused

[0708] The type may include information used to either unicast ormulticast the request. The type may indicate whether this is a propagatemessage, a unicast message, an ACK or a NACK. The port may allow eachpeer to decide to bind its transport service to a specific port number.The TCP binding may not require that a specific port be used. The sizemay indicate the body size (not including the header). The option may beused to specify the kind of socket connections (uni- or bi-directional)in use. The TCP/IP binding does not require the maintenance of anystates. The normal operation is for one peer to send a TCP/IP packet toanother one, and to close the socket after the packet is sent. This isthe minimum functionality required to implement unidirectional pipes. Inone embodiment, if the receiving end decides to keep the connectionactive (socket “keep alive”), it may return an indicator to the senderto tell the sending end that it is keeping the connection alive. Thesending end may reuse the same socket to send a new packet.

[0709] The following describes the transport binding of the peer-to-peerplatform protocols over HTTP including the wire message format for theHTTP binding of the peer-to-peer platform protocols. An HTTP requestformat message may include a header and a body using an HTML format. Forexample: <HTML> <Code> Header </Code> <Msg> Body </Msg> </HTML>

[0710] The header allows the receiving end to determine which messagetype is received. Message types may include request succeeded, requestfailed, empty (no body) and response (the body is not empty and containsdata). The body may be represented as a string in the HTML requestdocument. Connection states that may be used include, but are notlimited to:

[0711] Peer Connection: Before a message can be sent to a HTTP serverpeer, the HTTP client may be required to send a request for connectionto the other peer. The request for connection message may use the emptyheader type. The message may be sent using a GET request to thefollowing server URL: http://ip-name:port/reg/client-peerid/. ip-namespecifies the IP of the server peer and the port is the correspondingserver port number (8080 for example). The server replies with an emptymessage containing either a request succeeded or request failed headertype. The peer connection message may be used to create a client sessionon the receiving peer. The receiving peer may decide to reject theconnection and refuse the client connection. This corresponds to aclient registration.

[0712] Message Sending: To send a message to another peer server, theclient sends a message of the response type with a message body part.The server replies with an ok or failed message. The message is sent tothe following URL using the PUT method: http://ip-name:port/snd/. Theserver replies with a message including a request succeeded or requestfailed header type.

[0713] Message Retrieving: To retrieve messages from a peer server, theclient may send a GET request message with the empty header tag to thefollowing URL:

[0714] http://ipname:port/rec/client-peerid/. The server replies withmay respond with a message failed message or with a Content messageincluding the messages retrieved.

[0715] Peer Discovery Protocol

[0716] In one embodiment, the peer-to-peer platform may include a peerdiscovery protocol that may allow a peer to find advertisements on otherpeers. The peer discovery protocol may be used to discover any publishedpeer resources including other peers, peer groups, pipes, softwaremodules (e.g. services and applications) and any other resource that hasan advertisement in the peer-to-peer network. This protocol may be usedto find members of any kind of peer group, presumably to requestmembership. In one embodiment, the peer discovery protocol is thedefault discovery protocol for all peer groups, including the world peergroup. The discovery protocol may be used as a default discoveryprotocol that allows all peer-to-peer platform peers to understand eachother at a very basic level.

[0717] The peer discovery protocol may provide, at the lowest level, theminimum building blocks for propagating discovery requests betweenpeers. Thus, the peer discovery protocol may provide the essentialdiscovery infrastructure for building high-level discovery services. Inmany situations, discovery information is better known by a high-levelservice, because the service may have a better knowledge of the topology(firewall traversal), and the connectivity between peers. The peerdiscovery protocol may provide a basic mechanism to discoveradvertisements while providing hooks so high-level services andapplications can participate in the discovery process. Services may beable to give hints to improve discovery (i.e. decide whichadvertisements are the most valuable to cache).

[0718] In one embodiment, the peer discovery protocol may be based onweb crawling and the use of rendezvous peers. Rendezvous peers are peersthat offer to cache advertisements to help others peers discoverresources, and propagate requests they cannot answer to other knownrendezvous peers. Rendezvous peers and their use in the discoveryprocess are discussed later in this document.

[0719] In one embodiment, custom discovery services may choose toleverage the peer discovery protocol. In one embodiment, if a peer groupdoes not have its own discovery service, the peer discovery protocol maybe used as the method for probing peers for advertisements. Rendezvouspeers may keep a list of known peers and peer groups. This list may ormay not be exhaustive or timely. A custom discovery service (if it knewthat the region's rendezvous did keep a timely exhaustive list), forexample, may discover all peers in the region by sending a singlemessage to the rendezvous peer.

[0720] In one embodiment, peer discovery may be done with, oralternatively without, specifying a name for the peer to be locatedand/or the group to which peers belong. When no name is specified, alldiscovered advertisements of the requested type may be returned. If aprobing peer provides the name of the peer to be located, a simpletranslation may be requested that returns that peer's advertisement.Once a peer is discovered, ping, status, and capability messages may besent to its “main” endpoint(s) using a peer information protocol. Peersmay export more than one endpoint. In one embodiment, each peerdesignates at least one primary endpoint to handle the low-levelhousekeeping protocols such as the peer discovery protocol and the peerinformation protocol.

[0721] In one embodiment, the peer discovery protocol may be used toprobe network peer groups looking for peers that belong to specifiedpeer groups. This process may be referred to as screening. Peers may bescreened for membership by presenting each candidate member with a peergroup name (string matched with the peer group advertisement canonicalname). In one embodiment, peers claiming to belong to this group mayrespond, while other peers do not respond. The peer discovery protocolmay be used to discover any type of core advertisement including, butnot limited to: peer advertisements, peer group advertisements, pipeadvertisements and service advertisements.

[0722] Peer groups need customizable and adaptable discovery policies.In one embodiment, the peer-to-peer platform may be policy-agnostic, andmay only provide the basics for discovery. The basics may include one ormore core discovery protocols including, but not limited to, a propagateprotocol (broadcast within a scope range (subnet or peer groupmembers)), a rendezvous protocol (unicast to a trusted discovery peer)and an invite protocol (reverse discovering).

[0723] A discovery policy may be implemented in a discovery servicebased on the core discovery protocol. In one embodiment, a discoveryservice in the core peer-to-peer platform may be used to discoverabstractions and/or entities in the peer-to-peer network including, butnot limited to, peers, peer groups, peer group policies (group definedservices) and pipe endpoints.

[0724] In some embodiments of a peer-to-peer platform, the discoveryservice may rely on trusted peers (discovery proxies). The discoveryservice may leverage local neighbors (local propagate). The discoveryservice may use rendezvous peers (indexes). The discovery service mayleave traces in discovery proxies (cache). The discovery service may usenet crawling as a last resort (propagate between trusted discoveryproxies). In one embodiment, a discovery service may not discover someentities in the peer-to-peer network including, but not limited to,content (large scale; in one embodiment, a content management servicemay be used for content discovery), metadata (maintain relationshipbetween data), users, and applications.

[0725] Embodiments of a peer-to-peer platform discovery service mayleverage surrounding peers and peer groups, provide meetings points forfar away peers and groups, use an asynchronous protocol and providereverse discovery. In one embodiment, the discovery service may be usedto find new neighbor peers and provide the ability for a peer to learnabout other peer's abilities. Embodiments of a discovery service in thepeer-to-peer platform may provide extensibility, spontaneousconfiguration, adaptive connectivity, a dynamic (i.e. no fixed) networktopology, and the ability to reach the “edge of the Internet” (firewall,and NAT).

[0726] Some embodiments of a discovery method in the peer-to-peerplatform may not require centralized naming (e.g. no DNS). In oneembodiment, a discovery service may provide predefined meeting pointsthat may be used in platform bootstrapping. In one embodiment, thediscovery service may support a dynamic environment (peers may come andgo). In one embodiment, the discovery service may support an unreliableenvironment (peers may fail). In one embodiment, the discovery servicemay help to adapt to a changing environment through viral behavior. Inone embodiment, the discovery service may be used to improve performanceas a system ages (increase locality). In one embodiment, the discoveryservice may be used in support of security (change of physicallocation). In one embodiment, a discovery service may be used thatprovides administrationless discovery (zero-admin).

[0727] Embodiments of the peer-to-peer platform discovery service mayallow a peer to learn about other peers that discover it. In oneembodiment, the peer-to-peer platform discovery service may provideapplication-managed rendezvous. In one embodiment of the peer-to-peerplatform, a peer discovery protocol may support a discovery querymessage and a discovery response message to be used in the peerdiscovery process.

[0728] Peer groups need customizable and adaptable discovery policies.One approach to implementing a discovery policy is to start simple andbuild more complex policies. Embodiments of the peer-to-peer platformdiscovery service may support discovery methods including, but notlimited to:

[0729] Propagate Discovery

[0730] Unicast to predefined rendezvous

[0731] Leverage transport dependent multicast (e.g. IP)

[0732] Unicast Discovery

[0733] Unicast to known rendezvous for forward propagation

[0734] May be used for reverse Discovery

[0735] In one embodiment, the peer-to-peer platform may not mandateexactly how discovery is done. Discovery may be completelydecentralized, completely centralized, or a hybrid of the two.Embodiments of the peer-to-peer platform may support discoverymechanisms including, but not limited to:

[0736] LAN-based discovery. This is done via a local broadcast over thesubset.

[0737] Discovery through invitation. If a peer receives an invitation(either in-band or out-of-band), the peer information contained in theinvitation may be used to discover a (perhaps remote) peer.

[0738] Cascaded discovery. If a peer discovers a second peer, the firstpeer may, with the permission of the second peer, view the horizon ofthe second peer to discover new peers, groups, and services.

[0739] Discovery via rendezvous points. A rendezvous point is a specialpeer that keeps information about the peers it knows about. A peer thatcan communicate via a rendezvous peer, for example via a peer-to-peerprotocol pipe, may learn of the existence of other peers. Rendezvouspoints may be helpful to an isolated peer by quickly seeding it withlots of information. In one embodiment, a web site or its equivalent mayprovide information of well-known peer-to-peer protocol rendezvouspoints.

[0740] In one embodiment, a peer-to-peer platform web of trust may beused. In a web of trust, a peer group creator may select initialdiscovery proxies, and may delegate to new peer members. Any peer, whentrusted, can become a discovery proxy. Discovery proxies may propagaterequests between each other for net-crawling discovery. New peers may beuntrusted or low-trust peers, and may be typically difficult to find andhave limited discovery range (this may help protect against misbehaviorsand denial of service attacks). Trusted members are easier to discover.Peers may increase their discovery range as they become more trusted(discovery credential). Some peers may not need to discover beyond theirinitial net peer group range.

[0741] In one embodiment, a peer may go through a proximity network,which also may be referred to as a subnet or region, to try to find(discover) surrounding peers. The Internet includes the concept ofsubnets that are physically defined by physical routers that defineregions in which computer systems are connected to one another. Withinone of these regions, the peer-to-peer protocol uses multicast or otherpropagate mechanism to find peers. In one embodiment, a propagatediscovery mechanism may be provided where one peer can propagate adiscovery request through a local subnet. Peers that are in the subnetmay respond to the discovery request. The propagate discovery mechanismmay provide primarily close range discovery. In one embodiment, onlypeers that are in the same physical subnet (region) may respond.“Propagate” is at the conceptual level. Multicast is implemented byTCP/IP to provide propagate capabilities. Other transports may use othermethods to implement propagate. For example, Bluetooth provides adifferent implementation of propagate which is not multicast.

[0742] The core discovery protocol may provide a format for a local peerto send a propagate message (a request to find information about otherpeers or peer groups in its local region or subnet) and a format for aresponse message. A propagate may ask who is there (what peers are inthe subnet). One or more peers may decide to respond. Other peers on thesubnet may choose not to respond if they do not want to be discovered bythe requesting peer. The response message may indicate that a peer isthere and that the requesting peer may communicate with it if it wantsmore information. In one embodiment, the core peer-to-peer platform maydefine the format of the discovery requests and responses as part of thepeer discovery protocol. In one embodiment, the messages may be XMLmessages.

[0743] One embodiment of a peer-to-peer platform may provide abootstrapping process for peers. In one embodiment, a new peer may notknow any peers or peer groups when bootstrapped. When bootstrapping, thepeer may issue a peer discovery propagate message. The new peer islooking for one or more peers in the subnet. The new peer needs to reachsome level of connectivity in order to support higher-level operations.From discovered peers, the new peer may acquire information needed toallow the new peer to go further in its bootstrapping process. Forexample, the new peer may send messages to another peer requestinginformation on services that the other peer may be aware of that the newpeer needs for bootstrapping.

[0744] When the new peer discovers another peer or peers, it may attemptto discover peer groups. This process may be similar to the peerdiscovery process described above. The new peer may send (e.g.propagate) another discovery message that is configured to discover peergroups. Peers in the proximity network (region) that are aware of a peergroup or peer groups may respond to the peer group discovery message,and may return information on the peer group(s) (e.g. peer groupadvertisements) of which they are aware. The new peer may use thisinformation to determine a peer group or peer groups that it may beinterested in joining.

[0745] In one embodiment, a peer group may be configured so that only asubset of peers within a group may have the capabilities to respond topeer group discovery messages and to provide information about the peergroup to inquiring peers.

[0746] Peer and peer group discovery may both be implemented by the peerdiscovery protocol. Peer and peer group discover are more or less at thesame level in the peer-to-peer platform. In one embodiment, peerdiscovery may use a message that indicates the discovery is looking forpeers, and peer group discovery may use a similar message that indicatesthe discovery is looking for peer groups.

[0747] In one embodiment, the peer discovery protocol may be required tobe implemented in a peer platform, and thus all peers will have theservice running. When one peer sends (e.g. propagates) a request, then areceiving peer must send a response, unless it is configured to notrespond to at least some requests from at least some peers based uponconfiguration parameters. In another embodiment, peers may beimplemented without the peer discovery protocol. In other words, in thisembodiment, peers are not required to implement the peer discoveryplatform. For example, on some smart devices, peer information and/orpeer group information may be preconfigured into the device, and sobootstrapping may be performed on these devices without having toinitiate a peer discovery.

[0748] Embodiments of the peer-to-peer platform may implement adiscovery mechanism that is more suited for long-range discovery thanthe propagate method described above. In one embodiment, rendezvouspeers may be used in discovery. A rendezvous peer may be described as ameeting point where peers and/or peer groups may register to bediscovered, and may also discover other peers and/or peer groups, andretrieve information on discovered peers and/or peer groups. In oneembodiment, a peer (any peer) in a peer group may decide to become ormay be appointed or elected as a rendezvous peer in the group. Therendezvous peer may be advertised as a meeting point, and may bepredefined on peers so that, for example, the peers, when starting up,may know to go to the rendezvous peer to find information about thepeer-to-peer network. Rendezvous peers may act as information brokers orcentralized discovery points so that peers can find information in aneasy and efficient manner. As a peer group grows, a peer may become arendezvous peer in the group. In one embodiment, a network of rendezvouspeers may be constructed that may help to provide long-range discoverycapabilities. A rendezvous peer may be aware of at least some of theother rendezvous peers in the network, and a discovery message from apeer may be forwarded from a first rendezvous peer to a second, and soon, to discover peers and/or peer groups that are “distant” on thenetwork from the requesting peer.

[0749] Rendezvous peers may offer to cache advertisements to help otherspeers discover resources, and may propagate (forward) requests theycannot answer to other known rendezvous peers. In one embodiment, arendezvous peer implements at least one of these two functions. Theservices provided by a rendezvous peer may be different than messagerouting. Message routing is performed at a lower level involvingmulti-hops connections to send a message between any peers in thenetwork. In one embodiment, the forwarding of a request between tworendezvous peers may involve routing to propagate a request between tworendezvous, but this is transparent to the rendezvous service and doneunderneath.

[0750] In one embodiment, rendezvous peers may forward requests betweeneach other. A rendezvous may be typically connected to a few otherrendezvous peers. There may be as many rendezvous peers as peers in apeer group. Not every peer may be a-rendezvous (e.g. if a peer has nocaching capabilities or is isolated behind a firewall). In oneembodiment, only rendezvous peers may forward a discovery request toanother rendezvous peer. This restriction may serve to limit and controlthe exponential growth of request propagations within the network.Rendezvous peers may thus provide a simple throttle mechanism to controlthe propagation of requests. In one embodiment, sophisticated rendezvouspeers may be deployed to filter and distribute requests for the bestusage of network resources.

[0751] In one embodiment, a peer may be pre-configured with apre-defined set of rendezvous peers. These bootstrapping rendezvous mayhelp the peer discover enough network resources (peers, rendezvous,services) as it needs to support itself. In one embodiment, thepre-configured rendezvous are optional. A peer may be able to bootstrapby finding rendezvous or enough network resources in its proximityenvironment. If a peer does not know the information, it may ask thesurrounding peers (hop of 1) if they know the answer. One or more peersmay already have the answer. If no surrounding peers know the answer,the peer may ask its rendezvous peers to find advertisements. Peers arerecognized as rendezvous peers in their peer advertisements. When a peerdiscovers a new peer, it can determine if this peer is a rendezvous. Apeer may not be required to use all the rendezvous peers that it hasdiscovered.

[0752] Rendezvous peers may forward requests between themselves. Thediscovery process continues until one rendezvous peer has the answer orthe request dies. There is typically a Time To Live (TTL) associatedwith the request, so it is not infinitely propagated. As an example,suppose a peer A is attempting to discover a resource R on the network.Peer A issues a discovery request specifying the type (peer, peer group,pipe, service) of advertisements it is looking for. To initiate theDiscovery, peer A sends a discovery request message as a singlepropagate packet to all its available endpoints. The packet may containthe requested peer advertisement, so the receiving peer can respond tothe requester. Each discovery request identifies the initiator, and aunique request identification specified by the initiator of the request.When another peer receives the discovery request (assume peer B in thisexample), if it has the requested R advertisement, it will return topeer A the advertisement for R in a discovery response message. If PeerA does not get response from its surrounding peers (hop of 1), Peer Amay send the request to its known rendezvous peers. If the rendezvouspeers do not have the advertisement, they can propagate the request toall other rendezvous peers they know. When a rendezvous receives arespond to a request, the rendezvous may cache the R advertisement forfuture usage, before sending it to the requestor.

[0753] In one embodiment, the peer rendezvous capabilities may beembedded in the core discovery protocol of the peer-to-peer platform.Rendezvous peers may be protocol-based, and may broker more informationthan name servers that typically only broker names of entities. In oneembodiment, a rendezvous peer may maintain indexes for entities in thepeer-to-peer platform including peers, peer groups, and advertisements.Indexes may be dynamic indexes which may grow as the peer groupcommunity grows and more peers join. As a group joins, some peers maydecide to become rendezvous peers to help peers connect with other peersin the group.

[0754] The rendezvous peer is at the peer level. A rendezvous peer isnot a “service”. A rendezvous peer may be used as part of aninfrastructure to construct services such as a DNS or other centralizingand index services. In one embodiment, services may interact with arendezvous peer to obtain and/or manipulate information stored on therendezvous peer to perform some task to make the system act moreefficiently.

[0755] In a network of peers, some peers may elect themselves, throughthe discovery protocol, to become rendezvous peers. A rendezvous peermay act as a broker or discovery message router to route discoverymessages to the right place. In other words, a rendezvous may act toroute discovery requests to the right rendezvous peers. For example, arendezvous peer may receive a message requesting information about peersthat are interested in baseball. The rendezvous peer may know of anotherrendezvous peer that specializes in information about baseball. Thefirst rendezvous peer may forward or route the message to the secondrendezvous peer. In one embodiment, rendezvous peers may maintainconnections to other rendezvous peers in order to provide discovery androuting functionality.

[0756] Rendezvous peers may support long-range discovery. For example, afirst peer is at a remote location from a second peer. For one of thesepeers to find the other with a mechanism such as web crawling may betime consuming, since there maybe a lot of “hops” between the two peers.Rendezvous peers may provide a shortcut for one of the peers to discoverthe other. The rendezvous peer, thus, may serve to make the discoveryprocess, in particular long-range discover, more efficient.

[0757] A peer-to-peer network may be dynamic. Peers and peer groups cancome and go. Dynamic identifiers (addresses) may be used. Thus, routesbetween peers need to be dynamic. Rendezvous peers may provide a methodfor route discovery between peers that allows routing in thepeer-to-peer network to be dynamic. In this method, the rendezvous peersmay perform route discovery for peers when the peers send discoverymessages to the rendezvous peers or when a peer is attempting to connectto another peer or peer group that is not in the local region of thepeer. This method may be transparent to the requesting peer.

[0758] In one embodiment, the rendezvous peers may be able to cacheadvertisements. An advertisement may be defined as metadata ordescriptions of a resource. An advertisement may include informationnecessary for an entity to connect to or use the resource, for example aservice advertisement may include information for connecting to andusing the service. Advertisements may be published to allow otherentities to discover them. The rendezvous peer may provide the abilityfor services and applications to store and cache temporary, e.g. via alease mechanism, advertisements. This may used, for example, when oneservice needs to connect to another service; and needs the pipe endpointor communication channel that may be used to connect to the service. Thepipe endpoint may be included in a service advertisement published on arendezvous peer. Thus, in one embodiment, the rendezvous peer providesthe ability for peers, peer groups, services and applications toadvertise pipe endpoints and to discover pipe endpoints of services andapplications.

[0759] In one embodiment, the rendezvous protocol may use an index cache(e.g. on a peer serving as a rendezvous proxy). FIG. 13 illustratesdiscovery through a rendezvous peer according to one embodiment.Rendezvous proxy 206 may cache peer 200 and peer group 210 informationfor peer groups 210A and 210B. Peers 200 in each peer group 210 may thendiscover each other through rendezvous proxy 206. Rendezvous proxy 206may itself be a peer and may be a member in one or more peer groups 210.In one embodiment, access to rendezvous proxies 206 may be restricted topeers with rendezvous access privileges. In this embodiment, non-trustedpeers (peers without access privileges) may access rendezvous proxies206 through trusted peers 200 within their peer group 210, oralternatively through other local peers in other peer groups. In oneembodiment, the rendezvous protocol may be used across subnets(configurable at the peer group level). In one embodiment, therendezvous protocol may be used across/through firewalls (e.g.gateways).

[0760] In one embodiment, the peer-to-peer platform may include apropagate policy for use in discovery. FIG. 14 illustrates discoverythrough propagate proxies according to one embodiment. In oneembodiment, discovery proxy 208 may control propagation of discoverymessages. In FIG. 14, discovery proxy 208 may receive discovery messagesfrom peers 200 in peer group 210A and propagate the messages to peers inother groups such as peer group 210B. In one embodiment, access todiscovery proxies 208 may be restricted to peers with discovery proxyaccess privileges. In this embodiment, nontrusted peers (peers withoutaccess privileges) may access discovery proxies through trusted peers200 within their peer group 210, or alternatively through other localpeers in other peer groups. In one embodiment, propagation may becontrolled using TTL (time to live). In another embodiment, propagationmay be controlled using message counts. In one embodiment, the propagatepolicy may be used for subnet TCP/multicast (platform configurable). Inone embodiment, the propagate policy may support HTTP gateways (platformconfigurable). In one embodiment, the propagate policy may be usedthrough firewalls (e.g. need peer activation behind firewalls).

[0761] In one embodiment, the peer-to-peer platform may include aninvite policy. In one embodiment, the invite policy may support theadding of new peers and peer groups (e.g. publish advertisements).

[0762] In one embodiment, the peer-to-peer platform may allow thepersistent local peer caching of discovery information. In thisembodiment, a peer may be allowed to cache advertisements discovered viathe peer discovery protocol for later usage. Caching may not be requiredby the peer-to-peer platform, but caching may be a useful optimization.The caching of advertisements by a peer may help avoid performing a newdiscovery each time the peer is accessing a network resource. In ahighly transient environment, performing the discovery may be necessary.In a static environment, caching may be more efficient.

[0763] In one embodiment, the peer-to-peer platform may support trusteddiscovery peers. In one embodiment, the peer-to-peer platform may usediscovery credentials. In one embodiment, the peer-to-peer platform mayallow credential delegation. In one embodiment, the peer-to-peerplatform may support propagate proxies. In one embodiment, a propagateproxy may support TTL/message counts. TTL stands for Time To Live (howlong the request lives in the system). In one embodiment, a propagateproxy may support net crawling. In one embodiment, a propagate proxy mayprovide “smart above” routing.

[0764] In one embodiment, a peer may not initiate a new discoveryrequest until the. minimum allowable interval between discoveries isreached. This limitation on the maximum rate of discoveries may besimilar to the mechanism required by Internet nodes to limit the rate atwhich ARP requests are sent for any single target IP address. Themaximum rate may be defined by each specific implementation transportbindings and exported to the application.

[0765]FIG. 15 illustrates using messages to discover advertisementsaccording to one embodiment. A message or messages may be used to getall known, reachable advertisements within a region on the network. Inone embodiment, this list may not be guaranteed to be exhaustive, andmay be empty. Named peers may also be located using the peer discoveryprotocol. A message may include a peer group credential of the probing(requesting) peer that may identify the probing peer to the messagerecipient. The destination address may be any peer within a region (apropagate message 230) or alternatively a rendezvous peer (a unicastmessage 232). The response message 234 may return one or moreadvertisements (e.g. peer advertisements and/or peer groupadvertisements) that may include “main” endpoint addresses which may beconverted to a string in the standard peer endpoint format (e.g. URI orURL) and also may include a network transport name.

[0766] In one embodiment, the peer discovery protocol may not guaranteepeers that receive a query will respond to the query, nor does itmandate that the number of advertisements requested will be honored. Inthis embodiment, a best effort is made at matching the query to resultsin the respondent's cache. In one embodiment, the peer discoveryprotocol does not guarantee that a response to a discovery query requestwill be made. In one embodiment, responding to a discovery query requestis optional. A peer may not be required to respond to a discovery queryrequest.

[0767] In one embodiment, the peer discovery protocol does not require areliable transport. Multiple discovery query requests may be sent. None,one, multiple pr redundant responses may be received. In one embodiment,the peer discovery protocol. may utilize the resolver protocol to routequeries and responses. The tasks of propagating and re-propagating aquery to the next set of peers may be delegated to the resolver service.

[0768] In one embodiment, a peer may receive a discovery response thatis not a response to any discovery query initiated by the peer. Thismechanism may provide the ability to remote publish a resource. In oneembodiment, he peer discovery protocol may provides a mechanism forservices to query the network for peer-to-peer resources and receiveresponses. In one embodiment, the peer discovery protocol may be used totake care of some or all messaging aspects, caching, and expiringadvertisements.

[0769] In one embodiment, a discovery query message may be used to senda discovery request to find advertisements (e.g. for peers or peergroups). The discovery query may be sent as a query string (attribute,value) form. A null query string may be sent to match any results. Athreshold value may be included to indicate the maximum number ofmatches requested by a peer. The following is an example of oneembodiment of a discovery query message in XML, and is not intended tobe limiting: <DiscoveryQuery> <Credential> Credential </Credential><QueryID> query id</QueryID> <Type> request type (e.g. PEER, PEER GROUP,PIPE, SERVICE, CONTENT) </Type> <Threshold> requested number ofresponses </Threshold> <PeerAdv> peer advertisement of requestor</PeerAdv> <Attribute> attribute </ Attribute > <Value> value </Value></DiscoveryQuery>

[0770] Embodiments of a discovery query message may include one or moreof, but are not limited to, the following fields:

[0771] Credential: The credential of the sender.

[0772] QueryID: Query identifier.

[0773] Type: specifies which advertisements are returned.

[0774] Threshold: specifies the maximum number of advertisements thateach responding peer should provide. The total number of resultsreceived may depend on the number of peers that respond and theadvertisements they have. In one embodiment, if <Type> indicates peeradvertisements and <Threshold> is a particular value (e.g. 0) then thequery is to collect peer advertisements of respondents. Therefore, anypeer should respond to such a query, even though no results are to beincluded.

[0775] PeerAdv: if present, peer advertisement of the requestor.

[0776] Attribute: specifies the query attribute.

[0777] Value: specifies the query value.

[0778] In one embodiment, the value is only present if the attribute ispresent. Both the attribute and value may be omitted. In one embodiment,both attribute and value must either both be present or absent. In oneembodiment, if attribute and value are absent, then each respondent maysupply a random set of advertisements of the appropriate type up to<Threshold> count.

[0779] In one embodiment, only advertisements including an element witha name matching <Attribute> and that also includes a value matching<Value> are eligible to be found. In one embodiment, <Value> may beginand/or end with an indicator such as a special character (e.g. “*”).This indicates that <Value> will match all values that end with orbeginning with, or contain the rest of the string. If <Value> includesonly the indicator (e.g. “*”), the result may be unspecified. Someimplementations may choose not match any advertisement for a <Value>including only the indicator.

[0780] In one embodiment, a discovery response message may be used tosend a discovery response message to answer a discovery query message.The following is an example of one embodiment of a discovery responsemessage in XML, and is not intended to be limiting: <DiscoveryResponse><Credential> Credential </Credential> <QueryId> query id</QueryId><Type> request type (e.g. PEER, GROUP, PIPE, SERVICE, CONTENT) </Type><PeerAdv> peer advertisement of the respondent </PeerAdv> <Attribute>Attribute </Attribute> <Value> value </Value> <Count> count </Count><Responses> (peer, peer group, pipe, service or content advertisementresponse) </Responses> <............> <Responses> (peer, peer group,pipe, service or content advertisement response) </Responses></DiscoveryResponse>

[0781] Embodiments of a discovery response message may include one ormore of, but are not limited to, the following fields:

[0782] Credential: The credential of the sender.

[0783] QueryID: Query identifier.

[0784] Type: The type of the advertisements returned in the <Response>element(s).

[0785] Count: If present, the number of <Response> element(s) includedin this response message.

[0786] PeerAdv: If present, the advertisement of the respondent. Mayinclude an expiration attribute that indicates the associated relativeexpiration time in milliseconds.

[0787] Attribute: specifies the query attribute.

[0788] Value: specifies the query value.

[0789] Responses: advertisement responses. The advertisements may be,for example, peer, peer group, pipe, content or software module (e.g.service) advertisements. In one embodiment, each may include anExpiration attribute that indicates an associated relative expirationtime in milliseconds.

[0790] In one embodiment, the value tag is only present if the Attributetag field is present. Both the Attribute and Value tag may be omitted.

[0791] In one embodiment, if an advertisement document (e.g. an XMLdocument) is embedded into another document (e.g. XML document), thedocument separators must be dealt with. For XML documents, his may bedone using the standard XML escaping rules. For example, ‘<’ becomes‘&lt;’ ‘>’ becomes ‘&gt;’ and ‘&’ becomes ‘&amp’.

[0792] Reverse Discovery

[0793] Reverse discovery means that, in a peer-to-peer network, when afirst entity (e.g. a peer) discovers a second entity (e.g. anotherpeer), the second entity may also discover the first entity from thediscovery initiated by the first entity. This may also be referred to as“mutual discovery”. In most traditional systems, discovery is typicallyone-directional. In the peer-to-peer world, reverse discovery isimportant because, by definition, all “peers” are equal (i.e. it istypically not a hierarchical system). In one embodiment, there may bedifferent levels of discovery for peers. For example, a peer may beconfigured to remain anonymous when discovering other peers or to alwayssupport reverse discovery. In one embodiment, a peer initiating adiscovery may also be configured to deny discovery to another peer ifthe other peer is configured or chooses to remain anonymous. In oneembodiment, a peer may also be configured to or may choose to denydiscovery by other peers that wish to remain anonymous.

[0794] Invitations

[0795] One embodiment of the discovery protocol may also provide methodsby which a peer can “advertise” itself, for example when joining apeer-to-peer network. For example, a peer may send an email message, bytelephone, by “traditional” mail, or by other methods to other peers itdiscovers or is preconfigured to know about to advertise its presenceand willingness to be contacted by other peers. This is done outside ofthe discovery method, and may be performed by any external medium. Apeer who receives an invitation from a peer may have a capability to addor enter the new peer to a list or database of peers that it knowsabout. When the peer later restarts, these peers may be among thepreconfigured peers that the peer knows about. In one embodiment, a peermay have a “notify” or “invitation” interface to allow a user toinitiate invitations. In one embodiment, the peer-to-peer platform mayprovide import and export capabilities for invitations. In oneembodiment, the invitations may be implemented as documents external tothe peer-to-peer system that may be exported from one peer and importedinto another peer. In one embodiment, the invitations may be in a formatthat enables the exporting and importing. In one embodiment, theinvitations may be in XML format. In one embodiment, an interface may beprovided to allow the manual entering of invitation information.Importing the invitation may create a peer-to-peer platform documentthat may then be used by the peer. The format of exported documents maydepend on the platform on which the peer is implemented.

[0796] Rendezvous Protocol

[0797] One embodiment may include a rendezvous protocol that may beresponsible for propagating messages within a peer group. Whiledifferent peer groups may have different means to propagate messages,the rendezvous protocol defines a protocol that enables peers to connectto services (propagate messages to other peers and receive propagatedmessages from other peers) and to control the propagation of messages(TTL, loopback detection, etc.).

[0798] One embodiment may include a rendezvous advertisement that may beused to describe a peer that acts as a rendezvous peer for a given peergroup. Rendezvous advertisements may be published and retrieved, so thatpeers that are looking for rendezvous peers can find them. In oneembodiment, a rendezvous advertisement may include a name element thatmay be associated with the rendezvous peer. This may be the peer name.In one embodiment, the name element is optional. In one embodiment, arendezvous advertisement may include a rendezvous group identifierelement that includes the peer-to-peer platform identifier of the peergroup for which the peer is a rendezvous. In one embodiment, thiselement is required. In one embodiment, a rendezvous advertisement mayinclude a rendezvous peer identifier element that may include thepeer-to-peer platform identifier of the rendezvous peer. In oneembodiment, this element is required.

[0799] Rendezvous peers may be used to re-propagate messages they havereceived. A peer may dynamically become a rendezvous peer and/or maydynamically connect to a rendezvous peer. In one embodiment, theconnection between a peer and a rendezvous peer may be achieved by anexplicit connection, associated to a lease. In one embodiment, thisconnection may be performed by sending messages using the endpointprotocol. Each rendezvous protocol may be listening on an endpointaddress with a service name and service parameter (e.g. peer groupidentifier).

[0800] In one embodiment, one or more queries and responses may bedefined by the rendezvous protocol in order to establish connections. Alease request may be sent by a peer that desires to connect to a givenrendezvous. In one embodiment, the lease request may not include anindication of the amount of the lease; the rendezvous will give whateveramount it determines is appropriate. In one embodiment, a rendezvousthat grants a lease may return a lease granted message. This message issent by a rendezvous that is granted a lease to a given client. Theamount of time the lease is granted may be included in the message. Inone embodiment, a lease may be canceled by either party at any time ifnecessary or desired. A lease cancel request may be sent by a client toa rendezvous in order to cancel an existing lease. The rendezvous mayreply with a lease cancelled message.

[0801] In one embodiment, the peer resolver protocol resides on top ofthe rendezvous protocol. In this embodiment, the peer resolver protocolis not used to send these messages. In one embodiment, the rendezvousprotocol may reside on top of the endpoint routing protocol, which maybe used to send rendezvous protocol messages.

[0802] In one embodiment, the rendezvous protocol is responsible forcontrolling the propagation of messages. In one embodiment, therendezvous protocol may propagate a message unless of the followingconditions is detected:

[0803] Loop: if a propagated message has already been processed on apeer, it is discarded.

[0804] TTL: propagated messages are associated with a Time To Live(TTL). Each time a propagated message is received on a peer, its TTL isdecreased by one. When the TTL of a message drops to zero, the messageis discarded.

[0805] Duplicate: each propagated message is associated with a uniqueidentifier. When a propagated message has been duplicated, and hasalready been received on a peer, duplicates are discarded.

[0806] In one embodiment, propagation control may be performed byembedding a message element within each propagated message that mayinclude one or more of, but is not limited to, the following elements: amessage identifier, a destination name, a destination parameter, a TTL,and a path.

[0807] In one embodiment, when a peer wants to connect to a RendezvousPeer, it sends a lease request message with a connect message elementwhich includes its peer advertisement. When a rendezvous peer grants alease, it sends a lease granted message to the source of the leaserequest. In one embodiment, a lease granted message may include one ormore of, but is not limited to, the following elements:

[0808] A connected lease element that includes (e.g. in a Stringrepresentation) the time in milliseconds the lease is granted for. Inone embodiment, this is a required element.

[0809] A connected peer element that includes the peer identifier of therendezvous peer that has granted the lease. In one embodiment, this is arequired element.

[0810] A rendezvous advertisement reply element that includes the peeradvertisement of the rendezvous peer that grants the lease. In oneembodiment, this is an optional element.

[0811] In one embodiment, when a peer desires to cancel a lease, itsends a lease cancel request with a disconnect message element thatincludes the peer advertisement of the peer which is requesting tocancel the lease.

[0812] Peer Resolver Protocol

[0813] In one embodiment, the peer resolver protocol may be used todisseminate generic queries to one or multiple handlers within a peergroup and identify matching responses. Each query may be addressed to aspecific handler name. In one embodiment, this handler name may definethe particular semantics of the query and its responses, but is notassociated with any specific peer. A given query may be received by anynumber of peers in the peer group, possibly all, and processed accordingto the handler name if such a handler name is defined on that peer. Inone embodiment, the peer resolver protocol may provide a genericquery/response infrastructure for building high-level resolver services.In many situations, a higher-level service may have a better knowledgeof the group topology. In one embodiment, the peer resolver protocol mayuse a rendezvous service to disseminate a query to multiple peers orunicast messages to send queries to specified peers.

[0814] In one embodiment, the peer resolver protocol, may allow a peerto send simple, generic search queries to one or more peer services. Inone embodiment, only those peers that have access to data repositoriesand that offer advanced search capabilities typically implement thisprotocol. Each service may register a handler in the peer group resolverservice to process resolver query requests. Resolver queries may bedemultiplexed to each service. Each service may respond to a peer via aresolver response message. It is important to point the differencesbetween the peer discovery protocol and the peer resolver protocol. Thepeer discovery protocol is used to search for advertisements tobootstrap a peer, and discover new network resources. The peer resolverprotocol is a generic service that services query protocols. The peerresolver protocol may be used by a service on a peer to interact with aservice on another peer.

[0815] The peer resolver protocol may enable each peer to send andreceive generic queries to find or search for peer, peer group, pipe orservice specific information such as the state of a service or the stateof a pipe endpoint. In one embodiment, each resolver query may have aunique service handler name to specify the receiving service, and aquery string to be resolved by the service. In one embodiment, the peerresolver protocol may provide a generic mechanism for peers to sendqueries and receive responses. In one embodiment, the peer resolverprotocol may remove the burden for registered message handlers by eachservice and set message tags to ensure uniqueness of tags. In oneembodiment, the peer resolver protocol may be used to take care of someor all messaging aspects, caching queries and responses and forwardingqueries, based on the invoker's decision. In one embodiment, the peerresolver protocol may ensure that messages are sent to correct addressesand peer groups. In one embodiment, the peer resolver protocol mayperform authentication and verification of credentials and the droppingof rogue or incorrect messages.

[0816]FIG. 16 illustrates one embodiment of using peer resolver protocolmessages between a requesting peer 200A and a responding peer 200B. Aresolver query message 236 may be used to send a resolver query to anamed handler on one or more peers 200 that are members of the peergroup. In one embodiment, a resolver query message 236 may be used tosend (unicast) a resolver query request to a service on another member200B of a peer group. In one embodiment, the resolver query may be sentas a query string to a specific service handler. In one embodiment, eachquery has a unique identifier. The query string may be any string thatmay be interpreted by the targeted service handler. A resolver responsemessage 238 may be sent (unicast) to the requesting peer 200A by theservice handler. The following is an example of one embodiment of aresolver query message in XML, and is not intended to be limiting:<ResolverQuery> <Credential> Credential </Credential> <HandlerName> nameof handler </HandlerName> <SrcPeerID> source peer identifier</SrcPeerID> <QueryID> incremental query identifier </QueryID> <Query>query string </Query> </ResolverQuery>

[0817] Embodiments of a resolver query message may include, but are notlimited to, the following fields:

[0818] Credential: The credential of the sender

[0819] HandlerName: service the query needs to be passed

[0820] SrcPeerID: The identifier of the peer originating the query (e.g.a URN)

[0821] QueryId: Query identifier

[0822] Query: query string

[0823] A resolver response message may be returned in response to aresolver query message. The following is an example of one embodiment ofa resolver response message in XML, and is not intended to be limiting:<ResolverResponse> <Credential> Credential </Credential> <HandlerName>name of handler </HandlerName> <QueryID> query identifier </QueryID><Response> response </Response> </ResolverResponse>

[0824] Embodiments of a resolver response message may include, but arenot limited to, the following fields:

[0825] Credential: The credential of the respondent

[0826] QueryID: Query identifier of the query to which this is aresponse

[0827] HandlerName: Specifies how to handle the response; e.g. servicethe query needs to be passed to

[0828] Response: response string including the response(s)

[0829] In one embodiment, the peer resolver protocol communicates byexchanging endpoint messages. Endpoint addresses specify a handler name.The peer resolver protocol attaches a listener by that name to theendpoint service.

[0830] In one embodiment, peer resolver protocol implementations may usethe same scheme for building their handler names. The convention used byall services of the world peer group may use the concatenation of theservice name, the peer group identifier, and a value unique within theservice.

[0831] The handler name in peer resolver protocol messages may perform arole similar to that of the handler name in endpoint message addresses:it is a demultiplexing key that specifies how, by which higher-levelprotocol, or by which module, the message is to be processed. In oneembodiment, the users of the peer resolver protocol are typicallyservices. Each instance of a given service (one per peer per group thatuses this service) generates a handler name that is unique on its peer,but will be identical for the instances of this service on other peers.In one embodiment, this may be achieved by concatenating the servicename (which is unique in the group), the group identifier, which isunique in the peer, and an additional parameter that serves todiscriminate between several handlers used by the same service, ifneeded.

[0832] The handler name may be used both to register the appropriatehandler for incoming queries or responses, and as a destination foroutgoing queries or responses. In one embodiment, clients of theresolver may define two names: one for propagated messages (e.g.queries), and one for unicast messages (e.g. responses).

[0833] In one embodiment, the peer resolver protocol may not allow theregistration of more than one handler with the same name. A service mayregister for any handler name that it uses as a destination, therebypreventing other services from registering themselves to receive thesemessages. In one embodiment, a service or application that receivesqueries or responses from a service instance on another peer is de-factothe local instance of that service and may handle these messages asspecified.

[0834] In one embodiment, the peer resolver protocol may not guaranteepeers that define a query handler name will receive that query ormandate that all peers that define this handler name will receive it. Inthis embodiment, the peer resolver protocol may be used to disseminatethe query in a way that maximizes the chance of obtaining a response, ifone can be obtained. In one embodiment, response to a resolver queryrequest is optional; a peer is not required to respond. In thisembodiment, it may not be guaranteed that a response to a resolver queryrequest will be made.

[0835] In one embodiment, a reliable transport may not be required bythe peer resolver protocol, and the peer resolver protocol may notassume the presence of reliable message delivery. In one embodiment,multiple resolver query messages may be sent. None, one, multiple orredundant responses may be received.

[0836] In one embodiment, the task of propagating a query to the nextset of peers may be handled by the rendezvous protocol. In oneembodiment, a rendezvous service may be responsible for determining theset of peers that should receive a message being propagated, but may notautomatically re-propagate an incoming propagated message. In thisembodiment, the service (query handler) handling the message maydetermine if further propagation is to be performed. In one embodiment,the peer resolver protocol may use the following policy: if the queryhandler does not instruct the peer resolver protocol to discard thequery, and if the local peer is a rendezvous, then the query isre-propagated (within the limits of loop and TTL rules enforced by therendezvous service). In addition, if instructed by the query handler, anidentical query may be issued with the local peer as the originator.

[0837] Peer Information Protocol

[0838] Once a peer is located, its capabilities and status may be ofinterest. In one embodiment, the peer-to-peer platform may include apeer information protocol that may allow a peer to learn about otherpeers' capabilities and status. For example, a peer can send a pingmessage to see if another peer is alive. A peer may also query anotherpeer's properties where each property has a name and a value string. Inone embodiment, a peer may not be required to respond to a peerinformation protocol request.

[0839]FIG. 17 illustrates one embodiment of using peer informationprotocol messages between a requesting peer 200A and a responding peer200B. In one embodiment, to see if peer 200B is alive (i.e. respondingto messages), peer 200A may be sent a ping message 240. The ping message240 may include a destination address that is peer 200B's “main”endpoint returned during discovery, for example. The message may alsoinclude a group membership credential of the requesting peer 200A thatmay identify the probing peer 200A to the message recipient 200B. Themessage may also contain an identifier unique to the sender. In oneembodiment, this identifier may be returned in the response message 242.Response message 242 may include information about peer 200B, includinginformation on the status of the peer 200B. If peer 200B responds with amessage 242, this may indicate to peer 200A that peer 200B is “alive”and thus currently responding to messages.

[0840] In one embodiment, messages may be used. to get a list of namedcontrol “properties” exported by a peer. A property is a “knob” used toget information or configuration parameters from the peer. In oneembodiment, all properties may be named (e.g., by a string), and may be“read-only.” In one embodiment, higher-level services may offer“read-write” capability to the same information, given proper securitycredentials. In one embodiment, each property may have a name and avalue string. Read-write widgets may allow the string value to bechanged, while read-only widgets do not. In one embodiment, the peerinformation protocol only gives read access. The destination address isa peer's main endpoint that may have been returned in a discoveryresponse message.

[0841] Once a peer is located, its capabilities and status may bequeried. The peer information protocol provides a set of messages toobtain a peer status information. In one embodiment, the peerinformation protocol is an optional peer-to-peer platform protocol. Inone embodiment, peers are not required to respond to peer informationprotocol requests.

[0842] In one embodiment, the peer information protocol may be layeredupon the peerr resolver protocol. In one embodiment, a <QueryID> messageelement may be used to match peer information protocol queriescontaining <request> elements to the peer information protocol responsemessages containing the matching responses.

[0843] In one embodiment, the peer information protocol query messagemay include a request field that may be used to encode a specificrequest. In one embodiment, the peer information protocol does notdictate the format of the request field and it is left up to theconsumer to do so. Higher-level services may utilize the request fieldto offer expanded capabilities.

[0844] In one embodiment, a reliable transport is not required by thepeer information protocol. In one embodiment, multiple peer informationmessages may be sent. None, one or multiple responses may be received.

[0845] In one embodiment, a peer information protocol query message maybe sent to a peer to query the current state of the peer, and tooptionally obtain other relevant information about the peer. In oneembodiment, a peer information protocol query message without a definedrequest field may expect in return a default set of information about apeer (i.e. uptime, message count, etc.). In one embodiment, a peerinformation protocol query message may include a source peer identifiermessage element that indicates the peer identifier of the requestingpeer. In one embodiment a peer information protocol query message mayinclude a target peer identifier message element that indicates the peeridentifier of the peer being queried. In one embodiment, a peerinformation protocol query message may include a request element. In oneembodiment, the request element may be optional.

[0846] In one embodiment, a peer information protocol response messagemay include specific information about the current state of a peer, suchas uptime, inbound and outbound message count, time last messagereceived, and time last message sent. In one embodiment, a peerinformation protocol response message may include a source peeridentifier message element that indicates the peer identifier of therequesting peer. In one embodiment, a peer information protocol responsemessage may include a target peer identifier message element thatindicates the peer identifier of the peer being queried. In oneembodiment, a peer information protocol response message may include anuptime element that may indicate the relative time (e.g. inmilliseconds) since the responding peer information service beganexecution. In one embodiment, peers may include this element in all peerinformation protocol responses. In one embodiment, peers may choose tonot include this element if the information is unavailable or wouldrepresent a security breach. In one embodiment, a peer informationprotocol response message may include a timestamp element that indicatesthe absolute time at which this response was generated. In oneembodiment, peers may include this element in all peer informationprotocol responses. In one embodiment, peers may choose to not includethis element if the information is unavailable or would represent asecurity breach. In one embodiment, a peer information protocol responsemessage may include a response element that may include a response to aprevious request from a peer information protocol query message. In oneembodiment, to match queries to responses, a query identifier element ofthe peer resolver Protocol must match. This field may include anydesired. content. In one embodiment, a peer information protocolresponse message may include a traffic element that may includeinformation about the network traffic performed by the target peer. Inone embodiment, this element is optional.

[0847] In one embodiment, a ping message may be sent to a peer to checkif the peer is alive and/or to get information about the peer. The pingoption may define the response type returned. In one embodiment, a fullresponse (peer advertisement) or a simple acknowledge response (aliveand uptime) may be returned. The following is an example of oneembodiment of a ping message in XML, and is not intended to be limiting:<Ping> <Credential> Credential </Credential> <SourcePid> Source Peeridentifier </SourcePid> <TargetPid> Target Peer identifier </TargetPid><Option> type of ping requested</Option> </Ping>

[0848] In one embodiment, a peer information response message may beused to send a response message in response to a ping message. Thefollowing is an example of one embodiment of a peer information responsemessage in XML, and is not intended to be limiting: <PeerInfo><Credential> Credential </Credential> <SourcePid> Source Peer identifier</SourcePid> <TargetPid> Target Peer identifier </TargetPid> <Uptime>uptime</Uptime> <TimeStamp> timestamp </TimeStamp> <PeerAdv> PeerAdvertisement </PeerAdv> </PeerInfo>

[0849] Peer Membership Protocol

[0850] In one embodiment, the peer-to-peer platform may include a peermembership protocol that may allow a peer to join or leave peer groups,and to manage membership configurations, rights and responsibilities.This protocol may allow a peer to obtain group membership requirements(such as an understanding of the necessary credential for a successfulapplication to join the group), to apply for membership and receive amembership credential along with a full group advertisement, to updatean existing membership or application credential, and to cancel amembership or an application credential. In one embodiment,authenticators and/or security credentials may be used to provide thedesired level of protection.

[0851] In one embodiment, the process of joining a peer group mayinclude obtaining a credential that is used to become a group member. Inone embodiment, the process of joining a peer group may includeobtaining a “form” listing the set of requirements asked of all groupmembers. In one embodiment, this form may be a structured document (e.g.a peer group advertisement) that lists the peer group membershipservice.

[0852] In one embodiment, the peer membership protocol may definemessages including, but not limited to, an apply message, a joinmessage, an acknowledgement (ACK) message, a renew message, and a cancelmessage. A peer membership protocol apply message may be sent by apotential new group member to the group membership applicationauthenticator. In one embodiment, the authenticator's endpoint may belisted in the peer group advertisement of every member. In oneembodiment, a successful response from the group's authenticator mayinclude an application credential and a group advertisement that maylist, at a minimum, the group's membership service. In one embodiment,the apply message may include, but is not limited to, the currentcredential of the candidate group member and the peer endpoint for thepeer group membership authenticator to respond to with anacknowledgement (ACK) message.

[0853] The following is an example of one embodiment of a peermembership protocol apply message in XML, and is not intended to belimiting: <MembershipApply> <Credential> Credential of requestor</Credential> <SourcePid> Source pipe identifier </SourcePid><Authenticator> Authenticator pipe advertisement </Authenticator></MembershipApply>

[0854] A peer membership protocol join message may be sent by a peer tothe peer group membership authenticator to join a group. In oneembodiment, the peer may pass an application credential (from an applyresponse ACK message) for authentication purposes. In one embodiment, asuccessful response from the group's authenticator may include a fullmembership credential and a full group advertisement that lists, at aminimum, the group's membership configurations requested of full membersin good standing. The message may include a credential (applicationcredential of the applying peer: see ACK message). This credential maybe used as the application form when joining. The message may alsoinclude the peer endpoint for the authenticator to respond to with anACK message.

[0855] The following is an example of one embodiment of a peermembership protocol join message in XML, and is not intended to belimiting: <MembershipJoin>  <Credential> Credential of requestor</Credential>  <SourcePid> Source pipe identifier </SourcePid> <Membersship> membership pipe advertisement </Membership>  <Identity>identity</Identity> </MembershipJoin>

[0856] A peer membership protocol ACK message is an acknowledge messagethat may be used for both join and apply operations. A peer membershipprotocol ACK message may be sent back by the membership authenticator toindicate whether or nor the peer was granted application rights to thepeer group if the peer is applying, or full membership to the peer groupif peer is attempting to join. In one embodiment, an ACK message mayalso be sent in response to peer membership protocol renew messages andcancel messages. The message may include a credential (an application ormembership credential allocated to the peer by the peer groupauthenticator). The message may also include a more complete peer groupadvertisement that may provide access to further configurations. In oneembodiment, not all configuration protocols are visible until the peerhas been granted membership or application rights. Some configurationsmay need to be protected. Also, depending on the peer credential, thepeer may not have access to all the configurations.

[0857] The following is an example of one embodiment of a peermembership protocol ack message in XML, and is not intended to belimiting: <MembershipAck>  <Credential> Credential </Credential> <SourcePid> Source pipe identifier </SourcePid>  <Membersship>membership pipe advertisement </Membership>  <Peer groupAdv> peer groupadvertisement </Peer groupAdv>  <Peer groupCredential> credentialgranted </Peer groupCredential> </MembershipAck>

[0858] A peer membership protocol renew message may be sent by a peer torenew its credential (membership or application) access to the peergroup. An ACK (acknowledgement) message may be returned with a newcredential and lease if the new is accepted. The renew message mayinclude, but is not limited to, a credential (a membership orapplication credential of the peer) and the peer endpoint to which anACK response message may be sent.

[0859] The following is an example of one embodiment of a peermembership protocol renew message in XML, and is not intended to belimiting: <MembershipRenew>  <Credential> Credential </Credential> <SourcePid> Source pipe identifier </SourcePid>  <Membersship>membership pipe advertisement </Membership> </MembershipRenew>

[0860] A peer membership protocol cancel message may be sent by a peerto cancel the peer's membership or application rights in a peer group.The message may include, but is not limited to, a credential (amembership or application credential of the peer) and the peer endpointto send an ACK message. In one embodiment, an ACK to a cancel mayinclude a response status indicating the cancel was accepted.

[0861] The following is an example of one embodiment of a peermembership protocol cancel message in XML, and is not intended to belimiting: <MembershipCancel>  <Credential> Credential </Credential> <SourcePid> Source pipe identifier </SourcePid>  <Membersship>membership pipe advertisement </Membership> </MembershipCancel>

[0862] Pipe Binding Protocol

[0863] In one embodiment, the peer-to-peer platform may include a pipebinding protocol that may allow a peer to find the physical location ofa pipe endpoint and to bind a pipe advertisement to the pipe endpoint,thus indicating where messages actually go over the pipe. A pipe isconceptually a virtual channel between two pipe endpoints (input andoutput pipes) and may serve as a virtual link between two or more peersoftware components (e.g. services or applications).

[0864] A pipe may be viewed as an abstract, named message queue thatsupports a number of abstract operations such as create, open, close,delete, send, and receive. The pipe virtual link (pathway) may belayered upon any number of physical network transport links such asTCP/IP, HTTP, and TLS. In one embodiment, the pipe binding protocol islayered upon the endpoint protocol that allows it to use a variety oftransport protocols, such as HTTP Transport, TCP/IP Transport, or asecure TLS Transport. Each end of the pipe may work to maintain thevirtual link and to reestablish it, if necessary, by binding endpointsor finding the pipe's currently bound endpoints.

[0865] Actual pipe implementations may differ, but in one embodiment,peer-to-peer platform-compliant implementations may use the pipe bindingprotocol to bind pipes to pipe endpoints. In one embodiment, during theabstract create operation, a local peer binds a pipe endpoint to a pipetransport. In another embodiment, bind may occur during the openoperation. Unbind occurs during the close operation. In one embodiment,each peer that “opens” a group pipe may make an endpoint available(binds) to the pipe's transport. In one embodiment, messages may be sentonly to the one or more endpoints bound to the pipe. Peers that have notopened the pipe may not receive or send any messages on that pipe. Inone embodiment, when some peer software wants to accept incoming pipemessages, the receive operation may remove a single message in the orderit was received, not in the order it was sent. In one embodiment, a peekoperation may be used as a mechanism to see if any message(s) hasarrived in the pipe's queue.

[0866] In one embodiment, the pipe binding protocol may define messagesincluding, but not limited to, a query message and a response message.In one embodiment, a pipe binding protocol query message may be sent bya peer pipe endpoint to find a pipe endpoint bound to the same pipeadvertisement. The following is an example of one embodiment of a pipebinding protocol query message in XML, and is not intended to belimiting: <PipeBindingQuery>  <Credential> query credential</Credential>  <Peer> optional tag. If present, it may  include the peeridentifier of the only peer   that should answer the request.  </Peer> <Cached> true if the reply can come from a cache </Cached>  <PipeId>pipe identifier to be resolved </PipeId> </PipeBindingQuery>

[0867] In one embodiment, the requestor may ask that the information notbe obtained from a cache. This is to obtain the most up-to-dateinformation from a peer to address stale connection. The Peer fieldspecifies a peer identifier. This peer is the one that should respond tothe query. In one embodiment, there may be no guarantee that a responseto a pipe binding request will be made. In one embodiment, a peer is notrequired to respond to a binding request. In one embodiment, a reliabletransport is not required. In one embodiment, multiple binding querymessages may be sent. None, one or multiple responses may be received.

[0868] In one embodiment, a pipe binding protocol response message maybe sent to the requesting peer by each peer bound to the pipe inresponse to a query message. The following is an example of oneembodiment of a pipe binding protocol response message in XML, and isnot intended to be limiting: <PipeBindingAnswer>  <Credential>credential </Credential>  <PipeId> pipe identifier resolved </PipeId> <Peer> peer URI where a corresponding InputPipe has  been created</Peer>  <Found> true: the InputPipe does exist on the specified peer(ACK)   false: the InputPipe does not exist on the specified peer (NACK) </Found> </PipeBindingAnswer>

[0869] Endpoint Routing Protocol

[0870] In one embodiment, the peer-to-peer platform may include anendpoint routing protocol. The endpoint routing protocol may be used bypeers to send messages to router peers requesting available routes forsending message(s) to destination peers. In one embodiment, this may beaccomplished through message exchanges between peer routers. Peerrouting may be necessary to enable two peers to communicate depending ontheir location in the network. For instance, the two peers may be ondifferent transports; the peers may be separated by a firewall; or thepeers may be using incompatible private IP address spaces. Whennecessary, one or more peer routers may be used to deliver a messagefrom the originating peer endpoint to the destination peer endpoint.

[0871] A peer-to-peer platform network is typically an ad hoc,multi-hops, and adaptive network by nature. Connections in the networkmay be transient, and message routing may be nondeterministic. Routesmay be unidirectional and change rapidly. Peers may appear and leavefrequently. Two communicating peers may not be directly connected toeach other. Two communicating peers may need to use router peers toroute messages depending on the network topology. For example, the twopeers may be on different network transports, or the peers may beseparated by a firewall or a NAT (Network Address Translation) router. Apeer behind a firewall may send a message directly to a peer outside afirewall. But a peer outside the firewall cannot establish a connectiondirectly with a peer behind the firewall.

[0872] The endpoint routing protocol may define a set of request/querymessages that is processed by a routing service to help a peer routemessages to its destination. When a peer is asked to send a message to agiven peer endpoint address, it may look in its local cache to determineif it has a cached route to this peer. If the peer does not find aroute, it may send a route resolver query message to available peerrouters requesting route information. A peer may have access to as manypeer routers as it can find, or optionally a peer may be pre-configuredto access certain routers.

[0873] Peer routers may provide the low-level infrastructures to route amessage between two peers in the network. Any number of peers in a peergroup may elect themselves to become peer routers for other peers. Peersrouters offer the ability to cache route information, as well asbridging different physical (different transport) or logical (firewalland NAT) networks. A peer may dynamically find a router peer via aqualified discovery search. A peer may find out if a peer it hasdiscovered is a peer router via the peer advertisement, for example by aproperties tag and/or by a parameters element.

[0874] When a peer router receives a route query, if it knows thedestination (a route to the destination), it may answer the query byreturning the route information as an enumeration of hops. The messagemay be sent to the first router and that router may use the routeinformation to route the message to the destination peer. The route maybe ordered from the next hop to the final destination peer. At anypoint, the routing information may become obsolete, requiring thecurrent router to find a new route in order to complete the messagedelivery.

[0875] The peer endpoint may add extra routing information to themessages sent by a peer. When a message goes through a peer, theendpoint of that peer may leave its trace on the message. The trace maybe used for loop detection and to discard recurrent messages. The tracemay also be used to record new route information by peer routers.

[0876] In one embodiment, the endpoint routing protocol may provide lastresort routing for a peer. More intelligent routing may be implementedby more sophisticated routing services in place of the core routingservice. High-level routing services may manage and optimize routes moreefficiently than the core service. In one embodiment, the hooksnecessary for user defined routing services to manipulate and update theroute table information (route advertisements) used by the peer routermay be provided by the endpoint routing protocol. Thus, in oneembodiment, the complex route analysis and discovery may be performedabove the core by high-level routing services, and those routingservices may provide intelligent hints to the peer router to routemessages.

[0877] Router peers may cache route information. Router peers mayrespond to queries with available route information. Route informationmay include a list of gateways along the route. In one embodiment, anypeer may become a router peer by implementing the endpoint routingprotocol. The following is an example of one embodiment of routeinformation in XML, and is not intended to be limiting: <endpointrouter >  <Credential> credential </Credential>  <Src> peer identifierof the source </Src>  <Dest> peer identifier of the destination </Dest> <TTL> time to live </TTL>  <Gateway> ordered sequence of gateway</Gateway>  ........... .......  <Gateway> ordered sequence of gateway</Gateway> </endpoint router >

[0878] The time-to-live parameter specifies how long this route isvalid. In one embodiment, the time-to-live indicator may be measured inhops. The creator of the route can decide how long this route will bevalid. The gateways may be defined as an ordered sequence of peeridentifiers that define the route from the source peer to thedestination peer. The sequence may not be complete, but in oneembodiment, at least the first gateway is present. The first gateway issufficient to initially route the messages. In one embodiment, theremaining gateway sequence may be optional.

[0879] The endpoint routing protocol may provide messages including, butnot limited to, a route request message and a route answer message fromthe router peer. In one embodiment, a peer may send a route requestmessage to a router peer to request route information. Route informationmay be cached or not cached. In some cases, the route query requestmessage may indicate to bypass the cache content and thus to searchdynamically for a route. In one embodiment, it may not be guaranteedthat a route response will be received after a query is sent. Thefollowing is an example of one embodiment of a route query requestmessage in XML, and is not intended to be limiting: <endpoint routerQuery>  <Credential> credential </Credential>  <Dest> peer identifier ofthe destination </Dest>  <Cached> true: if the reply can be a cachedreply   false: if the reply must not come from a cache  </Cached></endpoint router Query>

[0880] In one embodiment, a router peer may send a route answer messageto a peer in. response to a route information request. The following isan example of one embodiment of a route answer message in XML, and isnot intended to be limiting: <endpoint router Answer>  <Credential>credential </Credential>  <Dest> peer identifier of the destination</Dest>  <RoutingPeer> Peer identifier of the router that knows a routeto  DestPeer  </RoutingPeer>  <RoutingPeerAdv> Advertisement of therouting peer  </RoutingPeerAdv>  <Gateway> ordered sequence of gateways</Gateway>  ...................  <Gateway> ordered sequence of gateways</Gateway> </endpoint router Answer>

[0881] In one embodiment, the gateway(s) may be represented bypeer-to-peer platform identifiers.

[0882] Endpoint Service

[0883] One embodiment may include an endpoint service that may beresponsible for performing end-to-end messaging between two peers, usingone of the underlying peer-to-peer platform transport protocols, such asTCP or HTTP bindings. The endpoint service may be used by other servicesor applications that need to have an understanding of the networktopology, such as a resolver service or a propagation service. In oneembodiment, the endpoint service is not responsible for routing messagesfor peers that are not directly connected to each other. This task isperformed by the endpoint router transport protocol that may provide theillusion that the source and destination peers are directly connected.

[0884] In one embodiment, when the endpoint service transmits a messageit may add the source peer identifier as an element to the message. Inone embodiment, the element is a representation of the peer identifierat the point of emission of the message. In one embodiment, thisinformation is optional and may be used by the emitter endpoint serviceto detect and eliminate propagated messages that loop back to theemitter. If this element is not present, the message may be assumed tonot be looping back.

[0885] The endpoint service may expect incoming and outgoing messages tohave a source address and a destination address. The encapsulation ofthat information is specified by the message wire format being used. Inone embodiment, the source and destination addresses of a message may berepresented as strings in URI format.

[0886] In one embodiment, the endpoint service may delegate the sendingof outgoing messages to the endpoint protocol designated by a “protocol”part of the message's destination address. In one embodiment, theendpoint service may deliver incoming messages to the listenerregistered under the name that matches a concatenation of “unique nameof recipient” and “unique name in recipient context” portions of themessage's destination address.

[0887] Endpoint Router Transport Protocol

[0888] One embodiment may include an endpoint router transport protocolthat is a logical peer-to-peer platform transport protocol at a level“below” the endpoint service and with one or more other transportprotocols such as TCP and HTTP Transport Protocols. The endpoint routermay be responsible for exchanging messages between peers that do nothave a direct connection between each other. The endpoint router mayprovide a virtual direct connection to the peer's endpoint service.

[0889] In one embodiment, the endpoint router transport protocol definesa set of query and response messages that may be used to communicatewith instances of the endpoint router on other peers. In one embodiment,the messages may be sent and received by the endpoint router using aresolver service. These messages may include one or more of, but are notlimited to:

[0890] Route query: when the endpoint router is requested to send amessage to a peer for which it does not have yet a route for, theendpoint router may send a route query request to other peers. One ormore peers that have a route for the given peer may answer with routeresponses.

[0891] Route response: a peer that desires to inform another peer abouta give route may send a route response to the other peer. A routeresponse may be a reply to a route query.

[0892] Ping query: a ping query may be sent to a peer in order tovalidate a route. A peer receiving a ping query is requested to answerwith a ping response.

[0893] Ping response: a ping response may be sent to an originator of aping query.

[0894] In one embodiment, the endpoint router may define aninformational message that requires no reply. This message may be sentby any peer that detects that a route used by another peer is not valid.For example, a router peer that is requested to route a message to apeer for which it does not have a route may send an informationalmessage. In one embodiment, the informational message is optional:routers are not required to send them. While an informational message istypically sent to the source peer of a message, peers may sendinformational messages to other peers of their choice.

[0895] In one embodiment, the endpoint router transport protocol mayappend a message element to each message it transports. In oneembodiment, the element may be a markup language (e.g. XML) document. Inone embodiment, the element may include one or more of, but is notlimited to, the following:

[0896] Source: the original endpoint address of the source of themessage. In one embodiment, this may be required.

[0897] Destination: the original endpoint address of the destination ofthe message. In one embodiment, this may be required.

[0898] Last Hop: The endpoint router endpoint address of the last routerthat processed the incoming message to route. In one embodiment, thismay be required.

[0899] Number of hops: the number of the peers the incoming message toroute has already been through. In one embodiment, this may be required.

[0900] Forward Route: a list of one or more endpoint router endpointaddresses of the peers the message is supposed to go through in order toreach its destination. In one embodiment, this list is optional sinceeach router may use a query route request in order to find a route. Thislist may be used to preferably decrease the network traffic by limitingthe use of queries, which may be expensive.

[0901] Reverse Route: a list of one or more endpoint router endpointaddresses of the peers the message is supposed to go through in order toreach its source. In one embodiment, this list is optional since eachrouter may use the query route request in order to find a route. Thislist may be used to preferably decrease the network traffic by limitingthe use of queries, which may be expensive.

[0902] In one embodiment, queries and responses defined by the endpointrouter transport protocol may be sent using a resolver service. In oneembodiment, the messages may be represented by a markup language (e.g.XML) document (passed to and by the resolver service). In oneembodiment, endpoint router transport protocol messages may include oneor more of, but is not limited to, version information, type information(e.g. route query, route response, ping query, ping response, orinformational message), destination peer (e.g. endpoint router endpointaddress), routing peer (e.g. endpoint router endpoint address), routingpeer advertisement, number of hops, and gateway forward (e.g. endpointrouter endpoint address).

[0903] In one embodiment, depending on the type of the message, only asubset of the above may be used. For a route query, destination peer mayinclude the peer identifier (in its endpoint router definition) of thepeer for which a route is requested. For a route response, destinationpeer may include the peer identifier (in its endpoint router definition)of the peer for which a route was requested. Routing peer may includethe endpoint address of the peer that knows how to route message to thedestination peer. Routing peer advertisement may optionally include thepeer advertisement of the routing peer, which if included may allow therequesting peer to not have to search for the advertisement later on.Number of hops may indicate the number of hops of the route starting atthe routing peer. Gateway forward may include the endpoint address(es)of routing peer(s) within the route. In one embodiment, gateway forwardis a list of that may define the entire route to be used starting at therouting peer in order to reach the destination. In one embodiment,endpoint routers are not required to fill up this list; however, fillingthe list may be desired if the endpoint router desires to use theoptimization of embedding the forward route within the message.

[0904] For a ping query, destination peer may include the peeridentifier (in its endpoint router definition) of the peer for which aping is requested. For a ping response, destination peer may include thepeer identifier (in its endpoint router definition) of the peer forwhich a ping was requested. For an informational message, destinationpeer may include the peer identifier (in its endpoint router definition)of the peer for which the route has failed. If a message for which aroute has failed includes a list in gateway forward, this list may beincluded in the informational message.

[0905] In one embodiment, the endpoint router transport protocol mayappend an endpoint router message element to messages it transports. Inone embodiment, the element may be a markup language (e.g. XML)document. In one embodiment, the element may include one or more of, butis not limited to, a source, a destination, a last peer, a number ofhops, a gateway forward, and a gateway reverse. The source may includethe endpoint address of the original source of the message. Thedestination may include the address of the original destination of themessage. The last peer may indicate the address of an immediatelyprevious peer that has received the message. The number of hops mayindicate the number of hops of the reverse route (0 if there is noreverse route.) The gateway forward may include the endpoint address(es)of one or more routing peers within the forward route. In oneembodiment, gateway forward may be a list that defines the route to beused in order to reach the destination peer of the message. In oneembodiment, endpoint routers may not be required to fill up this list;however, doing so may decrease latency of communication between peers.Gateway reverse may include the endpoint address(es) of one or morerouting peers within the reverse route. In one embodiment, gatewayforward may be a list that defines the route to be used in order toreach the source peer of the message. In one embodiment, endpointrouters may not be required to fill up this list; however, doing so maydecrease latency of communication between peers.

[0906] In one embodiment, the endpoint router transport protocol mayhave its own endpoint address format. The following is an exemplaryendpoint address format for the endpoint router transport protocol andis not intended to be limiting:

[0907] xxxx://uuid-<PeerID unique value>

[0908] Routing

[0909] In one embodiment, the peer-to-peer platform may provide amechanism or mechanisms for searching and accessing peers, peer groups,content, services and other information in a dynamic topology of peersand peer groups, where peers and peer groups can come and go. In oneembodiment, peers and peer groups may come and go potentially withlimited or no control and notification. Peers may connect to apeer-to-peer network through various wired and wireless protocols,including “not connected” protocols such as may be used by mobileconsumer devices such as pagers and PDAs. Peers may also have to crossboundaries, for example boundaries created by firewalls and NAT (NetworkAddress Translation) routers, to connect to other peers.

[0910] In one embodiment, an application that supports the peer-to-peerplatform may help in routing and discovering. Some of the informationneeded to accomplish routing and discovering may be only known by theapplication. For example, the application may support a special type ofdata as content, and so the application may best “know” how to discoveritems of this special content. Also, the application may have a betterknowledge of the topology (related to the nature of the applicationand/or peer group) than the core peer-to-peer platform.

[0911] In one embodiment, in order to bootstrap the system, and also inorder to have a fallback mechanism if an application cannot or does notsupport one or more of the tasks, the core peer-to-peer protocols mayprovide a discovery and router mechanism for discovering peers and othercore abstractions such as advertisements, pipes, and peer groups. In oneembodiment, the discovery and routing mechanism of the peer-to-peerplatform may use as few protocols as possible, is simple, and makes useof underlying optimizations when available. Hooks into the corediscovery and router mechanism may be provided so that applications andservices may participate in the discovery and router mechanisms, forexample, by passing information to the core discovery and routermechanism. In one embodiment, an application or service may be allowedto override the core discovery and router mechanism with its own custommechanism.

[0912] In one embodiment, the core discovery and router mechanism may bebased on web crawling. Web crawling may be well suited for use inself-organizing networks such as peer-to-peer networks. In oneembodiment, peers may be configured to participate or not to participatein the discovery and router mechanism, and may be configured as to thelevel of involvement in the process In one embodiment, a peer may decidewhether to participate in a discovery or routing task depending on thepeer's configuration in the peer-to-peer network. In one embodiment, theconfiguration may be determined using an automated detection of theposition of the peer on the network and a network configuration wizardtool.

[0913] Web crawling may not create bottlenecks such as may be created bythe mechanism of a client knowing a server and always going to the sameserver to find and retrieve information (e.g. DNS, NFS etc.). Even if aserver is replicated, like DNS, it is still a centralized server. If allthe known instances of the server are not reachable, a client may loseaccess to the server, even if another (but unknown) server is, indeed,available. In a point-to-point network, the information a peer islooking for is generally “close by” or may eventually be “close by”, soweb crawling may not go too far.

[0914]FIG. 18 illustrates several core components and how they interactfor discovery and routing according to one embodiment. Application 300may use discovery 308 to find peers, peer groups, advertisements, andother entities on the peer-to-peer network, and may also publish pipe,peer, peer group, service, and other advertisements for access by otherpeers, applications and services on the peer-to-peer network. In oneembodiment, the endpoint 310 may be responsible for exchanging messagesbetween peers that are directly “connected” to each other (i.e. thepeers can reach each other without any routing and/or discovering). Whenavailable, multicast may be used to discover peers that the endpoint canreach (multicast is a mechanism which has been introduced in IP in orderto optimize this kind of process). In addition to that, or whenmulticast is not available, A rendezvous and invitation mechanism mayalso be provided. The rendezvous and invitation method may be used, forexample, if multicast is not available. For example, HTTP does notprovide multicast capabilities.

[0915] The endpoint router 312 may manage a cache of routes, for exampleroutes to remote peers. In one embodiment, the endpoint router 312 maybe configured from caching no routes to caching all routes it is awareof, depending on what the configuration wizard has decided with usercontrol. The endpoint router 312 may also forward (route) messagesdepending on what is found in the cache, and what has been configured.For instance, the endpoint router 312 may be configured to route search(propagate) requests or to not route the requests.

[0916] In one embodiment, the generic resolver 308 is a protocol thatimplements a sort of RPC (query/response) protocol on top of theendpoint 310. Discovery 306 and pipe resolver 304 may use the genericresolver. In one embodiment, discovery 306 may be responsible forsearching, caching and generating core advertisements (e.g. peer, peergroup, and pipe advertisements). Discovery 306 may use the genericresolver 308 to send query messages and to receive answers. In oneembodiment, discovery 306 may be aware of rendezvous peers and may havean invitation mechanism that may be used to assist the generic resolver308. In one embodiment, the pipe resolver 304 may be responsible forlocalizing the receiving end of a pipe 302 given a pipe advertisement.In one embodiment, the pipe resolver 304 does not search for a pipeadvertisement. In one embodiment, the pipe resolver 304 may beconfigured to manage a cache of the locations of the receiving ends(i.e. receiving peers) of the pipe 302.

[0917] The pipe protocol may use the endpoint 310 for transferringmessages (with the potential help of the endpoint router 312) betweenthe sending end of the pipe 302, and the receiving end of the pipe 302.In one embodiment, a pipe 302 may be viewed as an endpoint 310 that hasnot been bound to a particular peer. In one embodiment, a pipe 302 maybe moved seamlessly from one peer to another. In one embodiment, a pipe302 may also provides uniqueness that may not be provided by an endpoint310 since a pipe identifier is unique in time and space, and an endpoint310, being a network address, may not be.

[0918] A discovery and router mechanism based on web crawling may betime-expensive, and higher level protocols (such as applications) mayhave information that the core is not aware of that may help in the webcrawling process. In one embodiment, to enable applications toparticipate in the process, components of the core mechanism may providehooks that enable the applications to assist in the process (e.g. byproviding information). Some transport protocols such as HTTP may beconfigured for and/or dynamically learn about web rendezvous peers itcan use. An application may be provided access to the list of rendezvouspeers. In one embodiment, an application may be allowed to set/unsetroutes in an endpoint router 312. Each route may be qualified to routeor not route propagate messages such as web crawling messages and/orunicast messages. The endpoint router 312 may be viewed as a route cachemanager, which is may be controlled by an endpoint 310 and/or otherentities that may need to control it. In one embodiment, an endpointrouter 312 may be able to discover unknown routes from applications. Inone embodiment, discovery 308 may be configured (statically and/ordynamically) to control the nature and the amount of data that itmanages. In one embodiment, discovery 308 may be taught where to gosearch, or where not to go search. In one embodiment, discovery 308 maymake an “upcall” to a search/retrieve mechanism. In one embodiment, apipe resolver 304 may manage a cache of input pipes (receiving ends). Inone embodiment, pipe resolver 304 may be accessed by applications toset/unset entries in the cache.

[0919] Router Peers

[0920]FIG. 19 illustrates one embodiment of message routing in apeer-to-peer network that uses the peer-to-peer platform. Peers 200 inpeer groups 210A and 210B may communicate with each other through one ormore router peers 244. In one embodiment, message routing may routemessages to “unreachable” peers, i.e. may allow messages sent from apeer 200 to reach peers 200 that are otherwise unreachable. Networks maybe partitioned by firewalls, NAT (Network Address Translation) routers,etc. Message routing may allow messages to be delivered in partitionednetworks. Message routing may also allow peers 200 separated by one ormore partitions to participate in the same peer group(s) 210. Messagerouting may provide optimized message delivery, for example byoptimizing routes between peers 200. Message routing may allow for anadaptive peer-to-peer network (e.g. peers may move to remote locationsand still receive messages). Message routing may provide load balancing.In one embodiment, any peer may be a router peer 244.

[0921] One embodiment may provide for HTTP routing servers. In oneembodiment, HTTP routers may provide for message routes that traversefirewalls. In one embodiment, HTTP routers may provide NAT support. Inone embodiment, HTTP routers may act as message gateways (TTL). TTLstands for Time To Live (how long the request lives in the system).

[0922] The widespread use of NAT (Network Address Translation) andfirewalls may affect the operation of many peer-to-peer systems. It alsomay affect the peer-to-peer platform. In particular, a peer outside afirewall or a NAT gateway cannot discover peers inside the firewall orthe NAT gateway. In the absence of getting system administrators to letthe peer-to-peer platform traffic through (say by opening a specialincoming port at the firewall or gateway), possible methods to deal withthis problem include, but are not limited to:

[0923] In one embodiment, peers inside firewalls may be asked toinitiate connections to peers outside the firewall.

[0924] In one embodiment, peer nodes may be set up that operate likemailbox offices where traffic to a peer inside the firewall is queued upto be picked up at a designated relay peer outside the firewall. Thepeer inside the firewall can initially reach outside the firewall,select a relay peer, and widely advertise this fact. Later, it canperiodically contact the relay peer to retrieve messages.

[0925] One embodiment of the peer-to-peer platform may provide routerpeers. The router peers may be at a lower level than rendezvous peers.The router peers may provide “pure” message routing. By looking at thedestination and source addresses, the router peer may determine where amessage needs to be sent. In one embodiment, a router peer may call oraccess a rendezvous peer to “discover” information about peers, etc. Inother words, the router peer may access information from a rendezvouspeer to use the information in routing messages.

[0926] In one embodiment, router peers may provide the lowest messagerouting layer in the peer-to-peer platform. Routing may involve complextopologies. For example, the routing peers may provide a method to routeacross a firewall, particularly from peers outside the firewall to peersinside the firewall. A peer cannot send a message directly to anotherpeer behind a firewall, since by definition there may be no direct routefrom a peer outside the firewall to a peer inside the firewall. A routerpeer may route messages to a gateway peer (a mailbox server wheremessages for peers behind the firewall may be temporarily stored). Inone embodiment, the gateway peer may be a router peer acting as agateway. The peers behind the firewall may periodically poll themailboxes provided by the gateway peer to determine if someone has triedto contact them (i.e. are there any messages in my mailbox?). Note thata “pipe” provides an abstraction at a higher level than the messagerouting provided by router peers, and thus, a pipe may be an abstractionacross the network topology between peers, for example peers on oppositesides of a firewall, through which the peers may communicate. At thelowest level, one or more router peers may discover and establish theactual communications route between the peers. This level, however, maybe transparent to the peers, who only “see” the pipes.

[0927] In one embodiment, a router peer may build a route table. Therouter peer may keep information about routes that it discovers andstore them in the route table. This allows the router peer to build aknowledge base (the route table) about the network topology as moremessages flow on the system. This information may be used by the routerpeer to discover and establish optimal routes between entities in thenetwork, and may increase its ability to reach other peers.

[0928] A router peer may access another router peer it is aware of toget route information. The route information may be described as astacked set of destinations (and the routes to the destinations). In oneembodiment, the information the router peer stores on a particular routemay be incomplete, because the router peer may only know about the routeup to a certain point. For example, the router peer may know about afirst portion of a route up to another router peer, which knows aboutthe next portion of the route, and so on.

[0929] In one embodiment, each peer has a unique peer identifier that isindependent of, and is not assigned to, fixed addresses. Peers may movearound. Therefore, the peer-to-peer network topology may be dynamic, andmay change every time a peer goes away or moves. Thus, in oneembodiment, the routing method provided by the router peers may bedynamic to support the dynamic topology. When a peer moves andreconnects, the peer is recognized as the same peer that was previouslyconnected elsewhere in the network. This process may use the uniqueidentifier of the peer to indicate that the peer is the same one thatwas previously connected elsewhere. In one example, when a peer moves,it may go through a discovery process to discover peers and rendezvouspeers in its new local subnet or region. If the peer wishes to join apeer group that it used at its previous location, it may then attempt todiscover other peers that have knowledge of the peer group or otherpeers in the peer group. The message may be passed through severalrouter peers until it may reach a router peer that has knowledge aboutthe peer group (e.g. a route to the peer group) to return to therequesting peer. For example, a user with a laptop may fly from a homeoffice to another city. When the user connects to the network in theother city, a route may be established, through the services provided byrouter peers, to the home office network peer group. The user may thenaccess email and other services provided by the peer group. From theuser's standpoint, this process may seem automatic. For example, theuser may not be required to “dial in” or connect remotely to an ISP toaccess the office as is required in typical networks using staticaddressing.

[0930] In one embodiment, when a peer becomes a router peer, it mayaccess a stored route table as a starting point. In one embodiment, thepeer may start from scratch with an empty route table. In oneembodiment, the peer, when it becomes a router peer, may initiate adiscovery of other router peers and/or rendezvous peers to get as muchconnectivity information to key peers in the network as possible.

[0931] In one embodiment, every peer may have knowledge of at least onerouter peer. In one embodiment, there may be a “universal router” thatmany or all peers may be aware of that may be accessed when a peercannot find anyone. The universal router may be able to put the peerinto contact with somebody (e.g. another peer) to help in thebootstrapping process.

[0932] Security

[0933] The security requirements of a peer-to-peer system may be similarto any other computer system. The three dominant requirements areconfidentiality, integrity, and availability. These translate intospecific functionality requirements that include authentication, accesscontrol, audit, encryption, secure communication, and nonrepudiation.Such requirements are usually satisfied with a suitable security modelor architecture, which is commonly expressed in terms of subjects,objects, and actions that subjects can perform on objects. For example,UNIX has a simple security model. Users are subjects. Files are objects.Whether a subject can read, write, or execute an object depends onwhether the subject has permission as expressed by the permissions modespecified for the object. However, at lower levels within the system,the security model is expressed with integers, in terms of UID, GID; andthe permission mode. Here, the low-level system mechanisms do not (needto) understand the concept of a user and do not (need to) be involved inhow a user is authenticated and what UID and GID they are assigned.

[0934] In one embodiment, to support different levels of resource accessin a dynamic and ad hoc peer-to-peer network, the peer-to-peer platformmay provide a role-based trust model in which an individual peer may actunder the authority granted to it by another trusted peer to perform aparticular task. Peer relationships may change quickly and the policiesgoverning access control need to be flexible in allowing or denyingaccess. In one embodiment, the trust model may provide securityincluding, but not limited to, confidentiality, authorization, dataintegrity and refutability. Confidentiality guarantees that the contentsof the message are not disclosed to unauthorized individuals.Authorization guarantees that the sender is authorized to send amessage. Data integrity guarantees that a message was not modifiedaccidentally or deliberately in transit. Refutability guarantees amessage was transmitted by a properly identified sender and is not areplay of a previously transmitted message.

[0935] In one embodiment, peer-to-peer platform messages are structuredto allow peer-to-peer platform services and applications to addarbitrary metadata information to the messages such as credentials,digests, certificates, public keys, etc. A credential is a token thatwhen presented in a message body is used to identify a sender and can beused to verify that sender's right to send the message to the specifiedendpoint. The credential is an opaque token that must be presented eachtime a message is sent. The sending address placed in the messageenvelope may be cross-checked with the sender's identity in thecredential. Each credential's implementation is specified as a plug-inconfiguration, which allows multiple authentication configurations toco-exist on the same network. Message digests guarantee the dataintegrity of messages. Messages may also be encrypted and signed forconfidentiality and refutability.

[0936] In one embodiment, the peer-to-peer platform protocols may becompatible with widely accepted transport layer security mechanisms formessage-based architectures such as Transport Layer Security (TLS),Secure Sockets Layer (SSL), and Internet Protocol Security (IPSec).However, secure transport protocols such as TLS, SSL and IPSec may onlyprovide the integrity and confidentiality of message transfer betweentwo communicating peers. In order to provide secure transfer inmulti-hops network, a trust association may be established among all theintermediary peers. Security is compromised if anyone of thecommunication links is not secured. One embodiment of the peer-to-peerplatform may provide a virtualized Transport Layer Security (TLS)implementation that allows secure endpoint-to-endpoint communicationsregardless of the number of hops required to deliver each message.

[0937] The peer-to-peer platform security model may be implemented toprovide a peer-to-peer web of trust. The web of trust may be used toexchange public keys among its members. Each peer group policy maypermit some members to be trusted to the extent that they have theauthority to sign public keys for other members as well as to do thingslike authenticate, add new members, and remove or revoke membership.

[0938] Embodiments may implement security classes for the RSA public keyexchange, the RC4 byte stream cipher, and the SHA-1 hash algorithm,among others. These classes may enable privacy by the means of apeer-to-peer TLS implementation; integrity with signed hashes;non-repudiation using the web of trust; and MACs for data authenticity.Combinations of these classes may form security suites, and thepeer-to-peer platform provides the mechanism to add new customizedsuites as required.

[0939] In some embodiments, for peer group authentication a separatePluggable Authentication Module (PAM) may be provided. Embodiments mayprovide anonymous or guest login, and login with user name and password.A login session may be in clear or cipher-text as per the peer groupsecurity policy.

[0940] The security module may be available to the core level, and thusservices, applications and advanced services and applications may plugin their own security components and protocols. For example, the web oftrust may be defined by a policy that requires authorized peer groupmembers to be well-known certificate authorities, and that peersexchange X509v3 CA signed certificates.

[0941] Given that the peer-to-peer platform is defined around theconcepts of peers and peer groups, one embodiment may include a securityarchitecture in which peer identifiers and group identifiers are treatedas low-level subjects (just like UID and GID), codats are treated asobjects (just like files), and actions are those operations on peers,peer groups, and codats.

[0942] One or more of several other characteristics of the peer-to-peerplatform may further affect the security requirements of thepeer-to-peer platform. In one embodiment, the peer-to-peer platform maybe focused on mechanisms and not policy. For example, UUIDs are usedthroughout, but they by themselves have no external meaning. Withoutadditional naming and binding services, UUIDs are just numbers that donot correspond to anything like a user or a principal. Therefore, in oneembodiment, the peer-to-peer platform may not define a high-levelsecurity model such as information flow, Bell-LaPadula, or Chinese Wall.In one embodiment, when UUIDs are bound to external names or entities toform security principals, authenticity of the binding may be ensured byplacing in the data field security attributes, for example, digitalsignatures that testify to the trustworthiness of the binding. Once thisbinding is established, authentication of the principal, access controlbased on the principal as well as the prevailing security policy, andother functions such as resource usage accounting may be performed.

[0943] In one embodiment, the peer-to-peer platform may be neutral tocryptographic schemes and security algorithms. As such, the peer-to-peerplatform may not mandate any specific security solution. In such cases,a framework may be provided where different security solutions can beplugged in. In one embodiment, hooks and placeholders may be provided sothat different security solutions may be implemented. For example, everymessage may have a designated credential field that may be used to placesecurity-related information. In one embodiment, exactly how tointerpret such information is not defined in the peer-to-peer platform,and may be left to services and applications.

[0944] In one embodiment, the peer-to-peer platform may sometimessatisfy security requirements at different levels of the system. In oneembodiment, to provide flexibility and avoid redundancy, thepeer-to-peer platform may not force a particular implementation ondevelopers. Instead, enhanced platforms based on the peer-to-peerplatform may provide the appropriate security solutions to theirtargeted deployment environment. To illustrate the last point, twosecurity concerns (communications security and anonymity) are examined.

[0945] Peers communicate through pipes. As an example, suppose bothconfidentiality and integrity in the communications channel are desired.In one embodiment, Virtual Private Networks (VPNs) may be used to moveall network traffic. In one embodiment, a secure version of the pipe maybe created, similar to a protected tunnel, such that any messagetransmitted over this pipe is automatically secured. In one embodiment,regular communications mechanisms may be used, and specific datapayloads may be protected with encryption techniques and digitalsignatures. Embodiments of the peer-to-peer platform may accommodate oneor more of these and other possible solutions.

[0946] Anonymity does not mean the absence of identity. Indeed,sometimes a certain degree of identification is unavoidable. Forexample, a cell phone number or a SIM card identification number cannotbe kept anonymous, because it is needed by the phone company toauthorize and set up calls. As another example, the IP number of acomputer cannot be hidden from its nearest gateway or router if thecomputer wants to send and receive network traffic. In general,anonymity can be built on top of identity, but not vice versa. There maybe multiple ways to ensure anonymity. In the examples above, it isdifficult to link a prepaid SIM card sold over the retail counter forcash to the actual cell phone user. Likewise, a cooperative gateway orrouter may help hide the computer's true IP address from the outsideworld by using message relays or NAT (Network Address Translation).

[0947] In one embodiment, a peer-to-peer platform-based naming servicemay bind a peer to a human user. The user's anonymity may be ensuredthrough the naming service, or the authentication service, or a proxyservice, or any combination of these. In one embodiment, thepeer-to-peer platform may be independent of the solution chosen by aparticular application.

[0948] At many places, the peer-to-peer platform may be independent ofspecific security approaches. In one embodiment, the peer-to-peerplatform may provide a comprehensive set of security primitives tosupport the security solutions used by various peer-to-peer platformservices and applications. Embodiments of the peer-to-peer platform mayprovide one or more security primitives including, but not limited to:

[0949] A simple crypto library supporting hash functions (e.g., MD5),symmetric encryption algorithms (e.g., RC4), and asymmetric cryptoalgorithms (e.g., Diffie-Hellman and RSA).

[0950] An authentication framework that is modeled after PAM (PluggableAuthentication Module, first defined for the UNIX platform and lateradopted by the Java security architecture).

[0951] A simple password-based login scheme that, like otherauthentication modules, can be plugged into the PAM framework.

[0952] A simple access control mechanism based on peer groups, where amember of a group is automatically granted access to all data offered byanother member for sharing, whereas non-members cannot access such data.

[0953] A transport security mechanism that is modeled after SSL/TLS,with the exception that it is impossible to perform a handshake, acrypto strength negotiation, or a two-way authentication on a singlepipe, as a pipe is unidirectional.

[0954] The demonstration services called Instant P2P and CMS (contentmanagement service) also make use of additional security featuresprovided by the underlying Java platform.

[0955] In one embodiment, peers, configurations, peer groups, and pipesform the backbone of the peer-to-peer platform. Security in someembodiments of the peer-to-peer platform may use credentials andauthenticators (code (e.g. computer-executable instructions) that may beused to receive messages that either request a new credential or requestthat an existing credential be validated). A credential is a token thatwhen presented in a message body is used to identify a sender and can beused to verify that sender's right to send the message to the specifiedendpoint and other associated capabilities of the sender. The credentialis an opaque token that must be presented each time a message is sent.The sending address placed in the message envelope may be crosscheckedwith the sender's identity in the credential. In one embodiment, eachcredential's implementation may be specified as a plug-in configuration,which allows multiple authentication configurations to co-exist on thesame network.

[0956] In one embodiment, messages may include, at a minimum, a peergroup credential that identifies the sender of the message as a fullmember peer in the peer group in good standing. Membership credentialsmay be used that define a member's rights, privileges, and role withinthe peer group. Content access and sharing credentials may also be usedthat define a member's rights to the content stored within the group.

[0957] In one embodiment, the peer-to-peer platform may providedifferent levels of security. In one embodiment, APIs may be provided toaccess well known security mechanisms such as RCA. In one embodiment,the peer-to-peer platform may provide a distributed security mechanismin a peer-to-peer environment. In one embodiment, this distributedsecurity may not depend on certificates administered by a centralauthority. The distributed security mechanism may allow a peer group“web of trust” to be generated. In the distributed security mechanism,peers may serve as certificate authorities (security peers). Each peergroup may include one or more peers that may serve as a certificateauthority in the group. In one embodiment, the creator of a peer groupmay become the default security authority in the group. In oneembodiment, if there is more than one creator, the creator peers maychoose one of the peers to be the security authority in the group. Inone embodiment, the peer or peers that create a peer group may definethe security methods that are to be used within the group (anywhere fromno security to high levels of security). In one embodiment, more thanone peer in a peer group may serve as a security peer. Since peers arenot guaranteed to be up at all times, having multiple security peers ina peer group may help insure that at least one security peer isavailable at all times. In one embodiment, the peer group's certificatepeer may verify keys to provide a weak level of trust. In oneembodiment, peer-to-peer platform advertisements may include informationto describe the security mechanism(s) to be used in a peer group. Forexample, the advertisement may include information to do public keyexchange, information to indicate what algorithms are to be used, etc.The advertisement may also include information that may be used toenforce secure information exchange on pipes (e.g. encryptioninformation).

[0958] In one embodiment, peer group security may establish a “socialcontract”. The role of security is distributed across peer groups, andacross members of peer groups, that all agree to participate by therules. A peer group may establish the set of rules by which security inthe group is enforced. A peer may join the peer group with a low levelof security clearance (low trust). If the peer stays in the group andbehaves (follows the rules), the peer may build up its level of trustwithin the group, and may eventually be moved up in its security level.Within peer groups operating under a social contract, certificatesand/or public keys may be exchanged without the participation of astrict certificate authority; i.e. the members may exchange certificatesbased upon their trust in each other. In one embodiment, a peer groupmay use an outside challenge (e.g. a secret group password) that may beencrypted/decrypted with public/private keys, as a method to protect andverify messages within the group. In one embodiment, peer groups may beconfigured to use other types of security, including a high level ofsecurity, for example using a strict certificate authority, and even nosecurity. In one embodiment, peer-to-peer platform messages exchangedwithin a group may have a “placeholder” for security credentials. Thisplaceholder may be used for different types of credentials, dependingupon the security implementation of the particular group. In oneembodiment, all peer-to-peer messages within the group may be requiredto have the embedded credential. One embodiment may support privatesecure pipes.

[0959] Peer-to-Peer Platform Firewalls and Security

[0960] The peer-to-peer platform may provide one or more methods fortraversing firewalls. FIG. 20 illustrates traversing a firewall 248 in avirtual private network when access is initiated from outside onlyaccording to one embodiment. Peers 200 on either side of the firewall248 may each belong to one or more peer groups. In one embodiment, entrymay be restricted to peers 200 with access privileges. In this example,peers 200A and 200B have access privileges, but peer 200C does not.Thus, peers 200A and 200B may access peers 200D and 200E throughfirewall 248. In one embodiment, HTTP “tunnels” may be used, withproxies 246 in the “DMZ” of the firewall 248.

[0961]FIG. 21 illustrates email exchange through a firewall 248 via anemail gateway 260 according to one embodiment. In this example, peers200A and 200B outside the firewall 248 may exchange messages to peers200C and 200D via the email gateway 260. In one embodiment, there may bean SMTP (Simple Mail Transfer Protocol) service 262 on each peer 200. Inone embodiment, 100% peer-to-peer access may not be guaranteed. In oneembodiment, inside the firewall 248, mail account administration mayimpose restrictions. In one embodiment, email addresses may not berequired for all peers 200 outside of the firewall 248.

[0962]FIG. 22 illustrates several methods of traversing a firewall 248when access is initiated from the inside according to one embodiment.One or more peers 200 may be inside the firewall 248, and one or morepeers 200 may be outside the firewall 248. In one embodiment, each peer200 that needs to traverse firewall 248 may include a mini-HTTP server.In this embodiment, an HTTP proxy may be used to provide peer-to-peerHTTP tunnels 264 through firewall 248. In one embodiment, Secure Shell(SSH) tunnels 266 may be used to traverse firewall 248. One embodimentmay support SOCKS connections 268 if SOCKS is supported in the firewall248. SOCKS is typically used to telnet/ftp to the “outside.” Otherembodiments may include other methods of traversing firewalls.

[0963] In one embodiment, peer-to-peer platform core protocols may beused for firewall traversal. In one embodiment, the impact on thepeer-to-peer protocol core may be minimized in the traversal method. Inone embodiment, peers may use the “pure” core protocols for traversalwhenever possible. In embodiments where the core protocols need to beextended for traversal, a “divide and conquer” technique may be used. Ina divide and conquer technique, any new configurations (policies) may beisolated behind the firewall. A proxy or proxies may then be used tomediate with and bridge to the core protocols. In one embodiment, peerson either side of the firewall may initiate peer group contact with fullpeer-to-peer protocol implementation including, but not limited to, theability to initiate peer group discovery, the ability to join/leave peergroups, and the ability to create end-to-end pipes (cipher text dataexchange when required).

[0964]FIG. 23 illustrates one embodiment of a peer-to-peer platformproxy service 270, and shows various aspects of the operation of theproxy service. One or more peers 200 may be inside a firewall 248, andone or more peers 200 may be outside the firewall 248. Peer-to-peerplatform proxy service 270 is also shown outside the firewall 248. Proxyservice 270 may be used to enable peer 200 and peer group contact acrossfirewall 248. Firewall 248 may include an email gateway 260. In oneembodiment, the proxy service 270 may be used to bridge peer-to-peerplatform protocols 272 with HTTP 274, email 276 and/or SOCKS 278. Theproxy service 270 may allow peers 200 to send requests to communicateacross firewall 248. Through the proxy service 270, peer-to-peerplatform messages may be posted for delivery across the firewall 248. Inone embodiment, the proxy service 270 may allow secure pipes to beestablished across the firewall 248 as necessary.

[0965]FIG. 24 illustrates a method of using a proxy service for peergroup registration according to one embodiment. The proxy service maypermit firewall-independent peer group membership. Three peer regions212 are shown, with two (region 212A and 212B) on one side of firewall248 and one (region 212C) on the other side of firewall 248. A peergroup 210 may be established that extends across the firewall 248 intoregions 212A, 212B and 212C. One or more peers 200 in each region 212may be members of the peer group 210.

[0966]FIG. 25 illustrates peer group registration across a firewallaccording to one embodiment. Peer region 212A is shown outside of afirewall 248 and peer region 212B is behind the firewall 248. Peerregion 212A includes a peer-to-peer platform proxy service 270 andseveral peers 200. In one embodiment, a peer 200 may be serving as aproxy peer that provides the proxy service 270. Peer region 212Bincludes several peers 200 behind the firewall 248. At some point, peer200D in peer region 212B may form a peer group 210. An advertisement forthe peer group 210 may be registered on the proxy service 270 in theregion 212A. One or more peers 200 in region 212A may be notified of thenewly registered peer group 200 by the proxy service 270. In oneembodiment, the proxy service may also notify other known peer-to-peerplatform proxy services in this or other regions 212, who in turn maynotify other proxy services, and so on. Peers 200 in region 212A maythen apply for membership in peer group 200.

[0967]FIG. 26 illustrates a method of providing peer group membershipthrough a peer-to-peer platform proxy service according to oneembodiment. Peer regions 212A and 212B are shown outside of a firewall248, and peer region 212C is behind the firewall 248. The two peer groupregions 212 outside the firewall 248 each include a proxy service 270.At least one of the peers (peer 200F, in this example) in region 212Cbehind the firewall belongs to a peer group 210. The peer group 210 maybe registered with the proxy services 270 in the regions 212A and 212Boutside the firewall 248. A peer 200 in either of the regions outsidethe firewall may join the peer group 200 by proxy through the proxyservice 270 in its region 212. Peers 200 in the regions 212 outside thefirewall 248 that are members of the peer group 210 may also leave thepeer group 210 through the proxy service 270. Membership information(e.g. included in peer group advertisements) for the peer group 200 maybe synchronized on all known proxy services 270 outside the firewall248. In one embodiment, a proxy service 270 may be a member peer of alllocally registered peer groups 200.

[0968] Several levels of authentication may be provided in one or moreembodiments of the peer-to-peer platform. Anonymous login may beprovided in one embodiment. In one embodiment, a plain text login (useror user and password) may be provided. In one embodiment, login withprivacy may be provided. In this embodiment, public key exchange may beused and/or a symmetric master key. In one embodiment, the login processmay return a credential to the joining peer so that the peer may bypassthe login process until the credential expires. One embodiment mayprovide a public key chain that may be used by registered users toeliminate public key exchanges and thus provides unauthenticated access.On embodiment may provide secure public key exchange with signedcertificates.

[0969]FIGS. 27A and 27B illustrate a method of providing privacy in thepeer-to-peer platform according to one embodiment. FIG. 27A shows a peerregion 212 with peers 200A and 200B and a peer-to-peer platform proxyservice 270. Peers 200A and 200B may fetch and cache public keys from apublic key chain 280 of the proxy service 270. The cached public keysmay have expiration dates. Peers 200A and/or 200B may compute a mastersecret key for one or more of the public keys. Using the keys, ciphertext may be exchanged between peers 200A and 200B in privacy asillustrated in FIG. 27B.

[0970] The peer-to-peer platform may include one or more methods forproviding data integrity in the peer-to-peer environment. These methodsmay be used to insure that what is sent is what is received. Oneembodiment may use a standard hash on data (e.g. Secure Hash Algorithm(SHA-1) as defined by the Secure Hash Standard of the FederalInformation Processing Standards Publication 180-1). A weak form and/ora strong form may be used in embodiments. In one embodiment, the weakform may use a public key ring and symmetric master to sign data. Thismethod may work best between two peers each having he other's publickey. In one embodiment, the strong form may use a symmetric keyalgorithm such as RSA (Rivest-Shamir-Adleman) and certificateauthorities. In one embodiment, the peer-to-peer platform may provide aproxy public certificate authority service. The authority service maycreate, sign and distribute certificates (e.g. X509 certificates) forall peers on a public key chain. In one embodiment, the proxy service'spublic key may be resident on each proxied peer. Other embodiments mayutilize other integrity methods.

[0971]FIGS. 28A and 28B illustrate one embodiment of a method for usinga peer-to-peer platform proxy service as a certificate authority. FIG.28A illustrates a peer region 212 with several peers 200 and a proxyservice 270. The proxy service 270 may distribute signed certificates inresponse to peer requests as required. The peers 200 may validate theproxy service 270 signature using a proxy service public key. Asillustrated in FIG. 28B, when exchanging content with other peers 200, apeer 200 may sign the content with the destination peer's public key anddistribute the cipher text.

[0972] Peer Monitoring and Metering

[0973] Peer monitoring may include the capability to closely keep trackof a (local or remote) peer's status, to control the behavior of a peer,and to respond to actions on the part of a peer. These capabilities maybe useful, for example, when a peer network wants to offer premiumservices with a number of desirable properties such as reliability,scalability, and guaranteed response time. For example, a failure in thepeer system may be detected as soon as possible so that correctiveactions can be taken. In one embodiment, an erratic peer may be shutdown and its responsibilities transferred to another peer. Peer meteringmay include the capability to accurately account for a peer'sactivities, in particular its usage of valuable resources. Such acapability is essential if the network economy is to go beyond flat-rateservices. Even for providers offering flat rate services, it is to theiradvantage to be able to collect data and analyze usage patterns in orderto be convinced that a flat rate structure is sustainable andprofitable. In one embodiment, the peer-to-peer platform may providemonitoring and metering through the peer information protocol, where apeer can query another peer for data such as up time and amount of datahandled. Security is important in peer monitoring and metering. In oneembodiment, a peer may choose to authenticate any command it receives.In one embodiment, a peer may decide to not answer queries from suspectsources.

[0974] Conclusion

[0975] Various embodiments may further include receiving, sending orstoring instructions and/or data implemented in accordance with theforegoing description upon a carrier medium. Generally speaking, acarrier medium may include storage media or memory media such asmagnetic or optical media, e.g., disk or CD-ROM, volatile ornon-volatile media such as RAM (e.g. SDRAM, DDR SDRAM, RDRAM, SRAM,etc.), ROM, etc. as well as transmission media or signals such aselectrical, electromagnetic, or digital signals, conveyed via acommunication medium such as network and/or a wireless link.

[0976] The various methods as illustrated in the Figures and describedherein represent exemplary embodiments of methods. The methods may beimplemented in software, hardware, or a combination thereof. The orderof method may be changed, and various elements may be added, reordered,combined, omitted, modified, etc.

[0977] Various modifications and changes may be made as would be obviousto a person skilled in the art having the benefit of this disclosure. Itis intended that the invention embrace all such modifications andchanges and, accordingly, the above description to be regarded in anillustrative rather than a restrictive sense.

What is claimed is:
 1. A peer-to-peer network system, comprising: aninitiating peer node configured to: generate a mobile agent including anitinerary indicating a plurality of peer nodes in the peer-to-peernetwork to be visited by the mobile agent, wherein the mobile agentfurther includes a function configured to be performed at each peer nodeindicated by the itinerary; send the mobile agent to a first peer nodeof the plurality of peer nodes indicated by the itinerary; the firstpeer node, configured to: receive the mobile agent; perform the functionas indicated by the mobile agent; and send the mobile agent to a nextpeer node of the plurality of peer nodes indicated by the itinerary. 2.The peer-to-peer network system as recited in claim 1, wherein each ofthe plurality of peer nodes on the itinerary is configured to: receivethe mobile agent; perform the function as indicated by the mobile agent;and send the mobile agent to a subsequent peer node of the plurality ofpeer nodes indicated by the itinerary.
 3. The peer-to-peer networksystem as recited in claim 1, wherein the itinerary indicates one ormore peer-to-peer communication channels for receiving the mobile agent,wherein each peer-to-peer communication channel corresponds to adifferent one of the peer nodes of the itinerary, and wherein, toreceive the mobile agent, the first peer node is further configured toreceive the mobile agent over a corresponding one of the peer-to-peercommunication channels indicated by the itinerary.
 4. The peer-to-peernetwork system as recited in claim 3, wherein the peer-to-peer networkis configured to implement a peer-to-peer communication protocol forsending peer-to-peer communications to a destination peer node over apeer-to-peer communication channel using a network transport protocol ofthe peer-to-peer communication channel.
 5. The peer-to-peer networksystem as recited in claim 3, wherein, to send the mobile agent to anext peer node of the plurality of peer nodes indicated by theitinerary, the first peer node is further configured to select a nextpeer-to-peer communication channel corresponding to the next peer nodefrom the one or more peer-to-peer communication channels in theitinerary.
 6. The peer-to-peer network system as recited in claim 1,wherein the first peer node is further configured to modify theitinerary to indicate that the mobile agent has visited the first peernode.
 7. The peer-to-peer network system as recited in claim 1, whereinthe initiating peer node and peer nodes indicated by the itinerary eachinclude a mobile agent handler configured to receive and send mobileagents.
 8. The peer-to-peer network system as recited in claim 1,wherein the initiating peer node is further configured to: discover onthe peer-to-peer network an advertisement for each peer node on theitinerary, wherein the discovered advertisements each indicate acorresponding peer node that is configured to receive mobile agents; andgenerate the itinerary from the discovered advertisements.
 9. Thepeer-to-peer network system as recited in claim 8, wherein, to generatethe itinerary from the discovered advertisements, the initiating peernode is further configured to generate a list of peer-to-peercommunication channels for receiving the mobile agent, wherein eachpeer-to-peer communication channel corresponds to a different one of thepeer nodes on the itinerary.
 10. The peer-to-peer network system asrecited in claim 1, wherein the mobile agent is configured to return tothe initiating peer node after visiting all peer nodes indicated by theitinerary.
 11. The peer-to-peer network system as recited in claim 1,wherein the mobile agent is configured to return to the initiating peernode before visiting all peer nodes indicated by the itinerary.
 12. Thepeer-to-peer network system as recited in claim 1, wherein, to send themobile agent to a next peer node of the plurality of peer nodesindicated by the itinerary, the first peer node is further configuredto: determine if the next peer node indicated by the itinerary isavailable to receive the mobile agent; if the next peer node indicatedby the itinerary is available to receive the mobile agent, send themobile agent to the next peer node indicated by the itinerary.
 13. Thepeer-to-peer network system as recited in claim 12, wherein, to send themobile agent to a next peer node of the plurality of peer nodesindicated by the itinerary, the first peer node is further configuredto: if the next peer node indicated by the itinerary is not available toreceive the mobile agent: select another peer node indicated by theitinerary as the next peer node on the itinerary; and send the mobileagent to the selected next peer node.
 14. The peer-to-peer networksystem as recited in claim 1, wherein the mobile agent is configured tobe sent as one or more peer-to-peer messages in the peer-to-peernetwork.
 15. The peer-to-peer network system as recited in claim 1,wherein, to perform the function as indicated by the mobile agent, thefirst peer node is further configured to add data to a data payload ofthe mobile agent.
 16. The peer-to-peer network system as recited inclaim 15, wherein the initiating peer node is further configured to:receive the mobile agent; and extract the data payload from the mobileagent.
 17. The peer-to-peer network system as recited in claim 1,wherein the plurality of nodes is configured to implement a peer-to-peerenvironment on the network according to a peer-to-peer platformcomprising one or more peer-to-peer platform protocols for enabling theplurality of nodes to discover each other, communicate with each other,find and exchange codats, and send and receive mobile agents in thepeer-to-peer environment.
 18. A peer node, comprising: a processor; amemory comprising program instructions, wherein the program instructionsare executable by the processor to: generate a mobile agent and anitinerary for the mobile agent, wherein the itinerary indicates aplurality of peer nodes in a peer-to-peer network to be visited by themobile agent, and wherein the mobile agent indicates a function to beperformed at each peer node indicated by the itinerary; and send themobile agent to a first peer node on the itinerary; wherein the mobileagent is configured to visit each of the peer nodes indicated by theitinerary and perform said function on each visited peer node.
 19. Thepeer node as recited in claim 18, wherein the program instructions arefurther executable by the processor to: receive the mobile agent from apeer node on the itinerary, wherein the mobile agent includes a datapayload generated by the function on one or more of the plurality ofpeer nodes indicated by the itinerary; and extract the data payload fromthe mobile agent.
 20. The peer node as recited in claim 18, wherein theitinerary includes a list of peer-to-peer communication channels,wherein each peer-to-peer communication channel corresponds to adifferent peer node on the itinerary, and wherein, to send the mobileagent to a first peer node on the itinerary, the program instructionsare further executable by the processor to send the mobile agent overone of the peer-to-peer communication channels corresponding to thefirst peer node on the itinerary.
 21. The peer node as recited in claim20, wherein, to send the mobile agent over one of the peer-to-peercommunication channels corresponding to the first peer node on theitinerary, the program instructions are further executable by theprocessor to select the one of the peer-to-peer communication channelscorresponding to the first peer node on the itinerary from the list ofpeer-to-peer communication channels in the itinerary.
 22. The peer nodeas recited in claim 18, wherein the program instructions are furtherexecutable by the processor to: discover on the peer-to-peer network anadvertisement for each peer node on the itinerary, wherein thediscovered advertisements each indicate a corresponding peer node thatis configured to receive mobile agents; and generate the itinerary fromthe discovered advertisements.
 23. The peer node as recited in claim 22,wherein, to generate the itinerary from the discovered advertisements,the program instructions are further executable by the processor togenerate a list of peer-to-peer communication channels for receiving themobile agent, wherein each peer-to-peer communication channelcorresponds to a different one of the peer nodes on the itinerary. 24.The peer node as recited in claim 18, wherein, to send the mobile agentto a first peer node on the itinerary, the program instructions arefurther executable by the processor to send the mobile agent as one ormore peer-to-peer messages on the peer-to-peer network.
 25. The peernode as recited in claim 18, wherein the peer node is configured toparticipate in a peer-to-peer environment with other peer nodesaccording to a peer-to-peer platform comprising one or more peer-to-peerplatform protocols for enabling the peer nodes to discover each other,communicate with each other, find and exchange codats, and send andreceive mobile agents to and from other peer nodes in the peer-to-peerenvironment.
 26. A peer node, comprising: a processor; a memorycomprising program instructions, wherein the program instructions areexecutable by the processor to: receive a mobile agent according to anitinerary of the mobile agent, wherein the itinerary indicates aplurality of peer nodes in a peer-to-peer network including the peernode, wherein the mobile agent includes a function configured to beperformed at each peer-node indicated by the itinerary; perform thefunction of the mobile agent; and send the mobile agent to a next peernode indicated by the itinerary.
 27. The peer node as recited in claim26, wherein the itinerary includes a list of peer-to-peer communicationchannels, wherein each peer-to-peer communication channel corresponds toa different peer node on the itinerary, and wherein, to send the mobileagent to a next peer node indicated by the itinerary, the programinstructions are further executable by the processor to send the mobileagent over one of the peer-to-peer communication channels correspondingto the next peer node.
 28. The peer node as recited in claim 27,wherein, to send the mobile agent over one of the peer-to-peercommunication channels corresponding to the next peer node, the programinstructions are further executable by the processor to select thepeer-to-peer communication channel corresponding to the next peer nodefrom the list of peer-to-peer communication channels in the itinerary.29. The peer node as recited in claim 26, wherein the programinstructions are further executable by the processor to modify themobile agent to indicate that the mobile agent visited the peer node.30. The peer node as recited in claim 26, wherein, to perform thefunction of the mobile agent, the program instructions are furtherexecutable by the processor to store data as part of a payload of themobile agent.
 31. The peer node as recited in claim 26, wherein, to sendthe mobile agent to a next peer node indicated by the itinerary, theprogram instructions are further executable by the processor to send themobile agent as one or more peer-to-peer messages on the peer-to-peernetwork.
 32. The peer node as recited in claim 26, wherein the peer nodeis configured to participate in a peer-to-peer environment with otherpeer nodes according to a peer-to-peer platform comprising one or morepeer-to-peer platform protocols for enabling the peer nodes to discovereach other, communicate with each other, find and exchange codats, andsend and receive mobile agents to and from other peer nodes in thepeer-to-peer environment.
 33. A method, comprising: an initiating peernode in a peer-to-peer network sending a mobile agent including anitinerary indicating peer nodes to be visited by the mobile agent to apeer node on the itinerary, wherein the mobile agent includes a functionconfigured to be performed at each peer node indicated by the itinerary;the peer node receiving the mobile agent; performing the function of themobile agent on the peer node; and the peer node sending the mobileagent to a next peer node indicated by the itinerary.
 34. The method asrecited in claim 33, further comprising repeating said receiving, saidperforming, and said sending the mobile agent to a next peer nodeindicated by the itinerary for each peer node indicated by theitinerary.
 35. The method as recited in claim 33, wherein the itineraryindicates one or more peer-to-peer communication channels for receivingthe mobile agent, wherein each peer-to-peer communication channelcorresponds to a different one of the peer nodes of the itinerary, andwherein said receiving comprises the peer node receiving the mobileagent over a corresponding one of the peer-to-peer communicationchannels indicated by the itinerary.
 36. The method as recited in claim35, wherein the peer-to-peer network is configured to implement apeer-to-peer communication protocol for sending peer-to-peercommunications to a destination peer node over a peer-to-peercommunication channel using a network transport protocol of thepeer-to-peer communication channel.
 37. The method as recited in claim35, wherein the peer node sending the mobile agent to a next peer nodecomprises selecting a next peer-to-peer communication channelcorresponding to the next peer node from the one or more peer-to-peercommunication channels indicated by the itinerary.
 38. The method asrecited in claim 33, further comprising modifying the itinerary toindicate that the mobile agent has visited the peer node.
 39. The methodas recited in claim 33, wherein each peer node indicated by theitinerary includes a mobile agent handler configured to receive and sendthe mobile agent.
 40. The method as recited in claim 33, furthercomprising: the initiating peer node discovering on the peer-to-peernetwork an advertisement for each peer node on the itinerary, whereinthe discovered advertisements each indicate a corresponding peer nodethat is configured to receive mobile agents; and generating theitinerary from the discovered advertisements.
 41. The method as recitedin claim 40, wherein said generating the itinerary from the discoveredadvertisements comprises generating a list of peer-to-peer communicationchannels for receiving the mobile agent, wherein each peer-to-peercommunication channel corresponds to a different one of the peer nodeson the itinerary.
 42. The method as recited in claim 33, wherein themobile agent is configured to return to the initiating peer node aftervisiting all peer nodes indicated by the itinerary.
 43. The method asrecited in claim 33, further comprising the mobile agent returning tothe initiating peer node before visiting all peer nodes indicated by theitinerary.
 44. The method as recited in claim 33, wherein the peer nodesending the mobile agent to a next peer node indicated by the itinerarycomprises: determining if the next peer node indicated by the itineraryis available to receive the mobile agent; and if the next peer nodeindicated by the itinerary is available to receive the mobile agent,sending the mobile agent to the next peer node indicated by theitinerary.
 45. The method as recited in claim 44, wherein the peer nodesending the mobile agent to a next peer node indicated by the itinerarycomprises, if the next peer node indicated by the itinerary is notavailable to receive the mobile agent: selecting another peer nodeindicated by the itinerary as the next peer node on the itinerary; andsending the mobile agent to the selected next peer node.
 46. The methodas recited in claim 33, wherein the mobile agent is sent as one or morepeer-to-peer messages in the peer-to-peer network.
 47. The method asrecited in claim 33, wherein said performing the function comprises oneor more of the peer nodes on the itinerary adding data to a data payloadof the mobile agent.
 48. The method as recited in claim 33, furthercomprising: the initiating peer node receiving the mobile agent; andextracting the data payload from the mobile agent.
 49. The method asrecited in claim 33, wherein peer nodes in the peer-to-peer network areconfigured to implement a peer-to-peer environment according to apeer-to-peer platform comprising one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, find and exchange codats, and send andreceive mobile agents in the peer-to-peer environment.
 50. A method,comprising: an initiating peer node in a peer-to-peer network generatinga mobile agent and an itinerary for the mobile agent, wherein theitinerary indicates a plurality of peer nodes in the peer-to-peernetwork to be visited by the mobile agent, and wherein the mobile agentindicates a function to be performed on peer nodes indicated by theitinerary; the initiating peer sending the mobile agent to a first peernode on the itinerary; and wherein the mobile agent is configured tovisit each of the peer nodes indicated by the itinerary and perform saidfunction on each visited peer node.
 51. The method as recited in claim50, further comprising: the initiating peer node receiving the mobileagent from a peer node on the itinerary, wherein the mobile agentincludes a data payload generated by the function on one or more of theplurality of peer nodes indicated by the itinerary; and the initiatingpeer node extracting the data payload from the mobile agent.
 52. Themethod as recited in claim 50, wherein the itinerary includes a list ofpeer-to-peer communication channels, wherein each peer-to-peercommunication channel corresponds to a different peer node on theitinerary, and wherein said sending the mobile agent to a first peernode on the itinerary comprises sending the mobile agent over one of thepeer-to-peer communication channels corresponding to the first peer nodeon the itinerary.
 53. The method as recited in claim 52, wherein thepeer-to-peer network is configured to implement a peer-to-peercommunication protocol for sending peer-to-peer communications to adestination peer node over a peer-to-peer communication channel using anetwork transport protocol of the peer-to-peer communication channel.54. The method as recited in claim 52, wherein said sending the mobileagent over one of the peer-to-peer communication channels correspondingto the first peer node on the itinerary comprises the initiating peernode selecting the one of the peer-to-peer communication channelscorresponding to the first peer node on the itinerary from the list ofpeer-to-peer communication channels in the itinerary.
 55. The method asrecited in claim 50, wherein the initiating peer node includes a mobileagent handler for generating and sending the mobile agent.
 56. Themethod as recited in claim 50, further comprising: the initiating peernode discovering on the peer-to-peer network an advertisement for eachpeer node on the itinerary, wherein the discovered advertisements eachindicate a corresponding peer node that is configured to receive mobileagents; and generating the itinerary from the discovered advertisements.57. The method as recited in claim 56, wherein said generating theitinerary from the discovered advertisements comprises generating a listof peer-to-peer communication channels for receiving the mobile agent,wherein each peer-to-peer communication channel corresponds to adifferent one of the peer nodes on the itinerary.
 58. The method asrecited in claim 50, wherein the mobile agent is configured to return tothe initiating peer node after visiting all peer nodes indicated by theitinerary.
 59. The method as recited in claim 50, further comprising themobile agent returning to the initiating peer node before visiting allpeer nodes indicated by the itinerary.
 60. The method as recited inclaim 50, wherein the mobile agent is configured to skip peer nodes onthe itinerary that are not accessible.
 61. The method as recited inclaim 50, wherein the mobile agent is sent as one or more peer-to-peermessages in the peer-to-peer network.
 62. The method as recited in claim50, wherein peer nodes in the peer-to-peer network are configured toimplement a peer-to-peer environment according to a peer-to-peerplatform comprising one or more peer-to-peer platform protocols forenabling the peer nodes to discover each other, communicate with eachother, find and exchange codats, and send and receive mobile agents inthe peer-to-peer environment.
 63. A method for implementing mobileagents in a peer-to-peer network, comprising: a peer node in thepeer-to-peer network receiving a mobile agent according to an itineraryof the mobile agent, wherein the itinerary indicates a plurality of peernodes in the peer-to-peer network including the peer node, wherein themobile agent includes a function configured to be performed at each peernode indicated by the itinerary; the peer node performing the functionof the mobile agent; and the peer node sending the mobile agent to anext peer node indicated by the itinerary.
 64. The method as recited inclaim 63, wherein the itinerary includes a list of peer-to-peercommunication channels, wherein each peer-to-peer communication channelcorresponds to a different peer node on the itinerary, and wherein saidsending the mobile agent to a next peer node indicated by the itinerarycomprises sending the mobile agent over one of the peer-to-peercommunication channels corresponding to the next peer node.
 65. Themethod as recited in claim 64, wherein the peer-to-peer network isconfigured to implement a peer-to-peer communication protocol forsending peer-to-peer communications to a destination peer node over apeer-to-peer communication channel using a network transport protocol ofthe peer-to-peer communication channel.
 66. The method as recited inclaim 64, wherein said sending the mobile agent to a next peer nodeindicated by the itinerary comprises the peer node selecting thepeer-to-peer communication channel corresponding to the next peer nodefrom the list of peer-to-peer communication channels in the itinerary.67. The method as recited in claim 63, wherein the peer node includes amobile agent handler for receiving and sending the mobile agent.
 68. Themethod as recited in claim 63, further comprising modifying the mobileagent to indicate that the mobile agent visited the peer node.
 69. Themethod as recited in claim 63, wherein said performing the functioncomprises the peer node storing data as part of a payload of the mobileagent.
 70. The method as recited in claim 63, wherein the next peer nodeinitiated the mobile agent received by the peer node.
 71. The method asrecited in claim 63, wherein the mobile agent is sent as one or morepeer-to-peer messages in the peer-to-peer network.
 72. The method asrecited in claim 63, wherein peer nodes in the peer-to-peer network areconfigured to implement a peer-to-peer environment according to apeer-to-peer platform comprising one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, find and exchange codats, and send andreceive mobile agents in the peer-to-peer environment.
 73. Acomputer-accessible medium comprising program instructions, wherein theprogram instructions are configured to implement: an initiating peernode in a peer-to-peer network sending a mobile agent including anitinerary indicating peer nodes to be visited by the mobile agent to apeer node on the itinerary, wherein the mobile agent includes a functionconfigured to be performed at each peer node indicated by the itinerary;the peer node receiving the mobile agent; performing the function of themobile agent on the peer node; and the peer node sending the mobileagent to a next peer node indicated by the itinerary.
 74. Thecomputer-accessible medium as recited in claim 73, wherein the programinstructions are further configured to implement repeating saidreceiving, said performing, and said sending the mobile agent to a nextpeer node indicated by the itinerary for each peer node indicated by theitinerary.
 75. The computer-accessible medium as recited in claim 73,wherein the itinerary indicates one or more peer-to-peer communicationchannels for receiving the mobile agent, wherein each peer-to-peercommunication channel corresponds to a different one of the peer nodesof the itinerary, and wherein, in said receiving the mobile agent, theprogram instructions are further configured to implement the peer nodereceiving the mobile agent over a corresponding one of the peer-to-peercommunication channels indicated by the itinerary.
 76. Thecomputer-accessible medium as recited in claim 75, wherein, in the peernode sending the mobile agent to a next peer node, the programinstructions are further configured to implement selecting a nextpeer-to-peer communication channel corresponding to the next peer nodefrom the one or more peer-to-peer communication channels indicated bythe itinerary.
 77. The computer-accessible medium as recited in claim73, wherein the program instructions are further configured toimplement: the initiating peer node discovering on the peer-to-peernetwork an advertisement for each peer node on the itinerary, whereinthe discovered advertisements each indicate a corresponding peer nodethat is configured to receive mobile agents; and generating theitinerary from the discovered advertisements.
 78. Thecomputer-accessible medium as recited in claim 77, wherein, in saidgenerating the itinerary from the discovered advertisements, the programinstructions are further configured to implement generating a list ofpeer-to-peer communication channels for receiving the mobile agent,wherein each peer-to-peer communication channel corresponds to adifferent one of the peer nodes on the itinerary.
 79. Thecomputer-accessible medium as recited in claim 73, wherein the programinstructions are further configured to implement the mobile agentreturning to the initiating peer node after visiting all peer nodesindicated by the itinerary.
 80. The computer-accessible medium asrecited in claim 73, wherein the program instructions are furtherconfigured to implement the mobile agent returning to the initiatingpeer node before visiting all peer nodes indicated by the itinerary. 81.The computer-accessible medium as recited in claim 73, wherein, in thepeer node sending the mobile agent to a next peer node indicated by theitinerary, the program instructions are further configured to implement:determining if the next peer node indicated by the itinerary isavailable to receive the mobile agent; and if the next peer nodeindicated by the itinerary is available to receive the mobile agent,sending the mobile agent to the next peer node indicated by theitinerary.
 82. The computer-accessible medium as recited in claim 81,wherein, in the peer node sending the mobile agent to a next peer nodeindicated by the itinerary, wherein the program instructions are furtherconfigured to implement, if the next peer node indicated by theitinerary is not available to receive the mobile agent: selectinganother peer node indicated by the itinerary as the next peer node onthe itinerary; and sending the mobile agent to the selected next peernode.
 83. The computer-accessible medium as recited in claim 73, whereinthe program instructions are further configured to implement sending themobile agent as one or more peer-to-peer messages in the peer-to-peernetwork.
 84. The computer-accessible medium as recited in claim 73,wherein, in said performing the function, the program instructions arefurther configured to implement: one or more of the peer nodes on theitinerary adding data to a data payload of the mobile agent; theinitiating peer node receiving the mobile agent; and extracting the datapayload from the mobile agent.
 85. The computer-accessible medium asrecited in claim 73, wherein peer nodes in the peer-to-peer network areconfigured to implement a peer-to-peer environment according to apeer-to-peer platform comprising one or more peer-to-peer platformprotocols for enabling the peer nodes to discover each other,communicate with each other, find and exchange codats, and send andreceive mobile agents in the peer-to-peer environment.
 86. Acomputer-accessible medium comprising program instructions, wherein theprogram instructions are configured to implement: an initiating peernode in a peer-to-peer network generating a mobile agent and anitinerary for the mobile agent, wherein the itinerary indicates aplurality of peer nodes in the peer-to-peer network to be visited by themobile agent, and wherein the mobile agent indicates a function to beperformed on peer nodes indicated by the itinerary; the initiating peersending the mobile agent to a first peer node on the itinerary; andwherein the mobile agent is configured to visit each of the peer nodesindicated by the itinerary and perform said function on each visitedpeer node.
 87. The computer-accessible medium as recited in claim 86,wherein the program instructions are further configured to implement:the initiating peer node receiving the mobile agent from a peer node onthe itinerary, wherein the mobile agent includes a data payloadgenerated by the function on one or more of the plurality of peer nodesindicated by the itinerary; and the initiating peer node extracting thedata payload from the mobile agent.
 88. The computer-accessible mediumas recited in claim 86, wherein the itinerary includes a list ofpeer-to-peer communication channels, wherein each peer-to-peercommunication channel corresponds to a different peer node on theitinerary, and wherein, in said sending the mobile agent to a first peernode on the itinerary, the program instructions are further configuredto implement sending the mobile agent over one of the peer-to-peercommunication channels corresponding to the first peer node on theitinerary.
 89. The computer-accessible medium as recited in claim 88,wherein, in said sending the mobile agent over one of the peer-to-peercommunication channels corresponding to the first peer node on theitinerary, the program instructions are further configured to implementthe initiating peer node selecting the one of the peer-to-peercommunication channels corresponding to the first peer node on theitinerary from the list of peer-to-peer communication channels in theitinerary.
 90. The computer-accessible medium as recited in claim 86,wherein the program instructions are further configured to implement:the initiating peer node discovering on the peer-to-peer network anadvertisement for each peer node on the itinerary, wherein thediscovered advertisements each indicate a corresponding peer node thatis configured to receive mobile agents; and generating the itineraryfrom the discovered advertisements.
 91. The computer-accessible mediumas recited in claim 90, wherein, in said generating the itinerary fromthe discovered advertisements, the program instructions are furtherconfigured to implement generating a list of peer-to-peer communicationchannels for receiving the mobile agent, wherein each peer-to-peercommunication channel corresponds to a different one of the peer nodeson the itinerary.
 92. The computer-accessible medium as recited in claim86, wherein the program instructions are further configured to implementthe mobile agent returning to the initiating peer node after visitingall peer nodes indicated by the itinerary.
 93. The computer-accessiblemedium as recited in claim 86, wherein the program instructions arefurther configured to implement the mobile agent returning to theinitiating peer node before visiting all peer nodes indicated by theitinerary.
 94. The computer-accessible medium as recited in claim 86,wherein the program instructions are further configured to implement themobile agent skipping peer nodes on the itinerary that are notaccessible.
 95. The computer-accessible medium as recited in claim 86,wherein the program instructions are further configured to implementsending the mobile agent as one or more peer-to-peer messages in thepeer-to-peer network.
 96. The computer-accessible medium as recited inclaim 86, wherein peer nodes in the peer-to-peer network are configuredto implement a peer-to-peer environment according to a peer-to-peerplatform comprising one or more peer-to-peer platform protocols forenabling the peer nodes to discover each other, communicate with eachother, find and exchange codats, and send and receive mobile agents inthe peer-to-peer environment.